Adobe Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).

stack.watch can notify you when security vulnerabilities are reported in any Adobe product. You can add multiple products that you use with Adobe to create your own personal software stack watcher.

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager47 vulnerabilities

Adobe Acrobat Reader39 vulnerabilities

Adobe ColdFusion39 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe Acrobat Reader Dc39 vulnerabilities

Adobe Acrobat39 vulnerabilities
Application for working with PDF documents

Adobe Acrobat Dc39 vulnerabilities

Adobe Digital Editions11 vulnerabilities

Adobe Connect6 vulnerabilities

Adobe Framemaker6 vulnerabilities

Adobe Creative Cloud4 vulnerabilities

Adobe Prelude Cc1 vulnerability

Adobe Premiere Pro Cc1 vulnerability

Adobe After Effects1 vulnerability

Adobe Push Notifications1 vulnerability

Adobe Magento1 vulnerability

Adobe Application Manager1 vulnerability

Adobe Shockwave Player1 vulnerability

Adobe Photoshop CC1 vulnerability
Popular Photo Editing Software

Adobe Character Animator1 vulnerability

@AdobeSecurity Tweets

We’re proud of how integral #InclusiveDesign has become @Adobe. Learn more about our Blue Belt program and other re… https://t.co/V1gUlRtohd
Tue Jul 07 22:09:01 +0000 2020

What do you do if you find a removable media device of unknown origin? DON’T plug it in! More on preventing… https://t.co/cF2IHcLaMk
Tue Jul 07 18:24:01 +0000 2020

Only plug in portable data or media devices that you trust. Learn more about #security for portable hardware in our… https://t.co/c2dVprDmbM
Mon Jul 06 20:23:00 +0000 2020

You’ve found a USB stick on the ground. What do you do? Here’s how our good Samaritan instincts can lead to install… https://t.co/jC8wpeXGzZ
Thu Jul 02 17:23:01 +0000 2020

Check out these great examples of how @PeleusUhley & @AdobeSecurity are using network analysis and network graphs t… https://t.co/hYK5Fk8T5s
Wed Jul 01 19:12:01 +0000 2020

By the Year

In 2020 there have been 24 vulnerabilities in Adobe with an average score of 7.4 out of ten. Last year Adobe had 39 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Adobe in 2020 could surpass last years number. Last year, the average CVE base score was greater by 0.14

Year Vulnerabilities Average Score
2020 24 7.44
2019 39 7.58
2018 91 7.58

It may take a day or so for new Adobe vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Adobe Security Vulnerabilities

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability

CVE-2020-3767 6.5 - Medium - June 26, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).

Improper Input Validation

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability

CVE-2020-3768 7.8 - High - June 26, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.

426

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability

CVE-2020-3796 6.5 - Medium - June 26, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.

Information Leak

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability

CVE-2020-9643 7.5 - High - June 12, 2020

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSPA

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability

CVE-2020-9644 5.4 - Medium - June 12, 2020

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

XSS

Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability

CVE-2020-9645 7.5 - High - June 12, 2020

Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSPA

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability

CVE-2020-9647 6.1 - Medium - June 12, 2020

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

XSS

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability

CVE-2020-9648 6.1 - Medium - June 12, 2020

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

XSS

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability

CVE-2020-9651 6.1 - Medium - June 12, 2020

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.

XSS

Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability

CVE-2020-9634 8.8 - High - June 12, 2020

Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Out-of-bounds Write

Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability

CVE-2020-9635 8.8 - High - June 12, 2020

Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Out-of-bounds Write

Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability

CVE-2020-9636 8.8 - High - June 12, 2020

Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Memory Corruption

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability

CVE-2020-3761 7.5 - High - March 25, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.

Information Leak

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability

CVE-2020-3794 9.8 - Critical - March 25, 2020

ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.

Improper Input Validation

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability

CVE-2020-3769 7.5 - High - March 25, 2020

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSPA

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2

CVE-2020-8818 8.1 - High - February 25, 2020

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.

Origin Validation Error

Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability

CVE-2020-3759 7.5 - High - February 13, 2020

Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure.

Memory Corruption

Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability

CVE-2020-3741 7.5 - High - February 13, 2020

Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.

Uncontrolled Resource Consumption ('Resource Exhaustion')

Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability

CVE-2020-3737 8.8 - High - February 13, 2020

Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Out-of-bounds Write

Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability

CVE-2020-3738 8.8 - High - February 13, 2020

Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

Out-of-bounds Write

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability

CVE-2019-16466 6.1 - Medium - January 15, 2020

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability

CVE-2019-16468 7.5 - High - January 15, 2020

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Information Leak

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability

CVE-2019-16469 7.5 - High - January 15, 2020

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Information Leak

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability

CVE-2019-16467 6.1 - Medium - January 15, 2020

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability

CVE-2019-8256 9.8 - Critical - December 19, 2019

ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.

Incorrect Default Permissions

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability

CVE-2019-8085 6.1 - Medium - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability

CVE-2019-8086 7.5 - High - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

XXE

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability

CVE-2019-8087 7.5 - High - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

XXE

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability

CVE-2019-8088 9.8 - Critical - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Downstream Injection

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability

CVE-2019-8234 6.5 - Medium - October 25, 2019

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

352

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability

CVE-2019-8081 7.5 - High - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.

authentification

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability

CVE-2019-8082 7.5 - High - October 25, 2019

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

XXE

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability

CVE-2019-8084 6.1 - Medium - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability

CVE-2019-8083 6.1 - Medium - October 25, 2019

Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability

CVE-2019-8079 6.1 - Medium - October 24, 2019

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability

CVE-2019-8078 6.1 - Medium - October 24, 2019

Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability

CVE-2019-8080 6.1 - Medium - October 24, 2019

Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation.

XSS

Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability

CVE-2019-8089 6.1 - Medium - October 22, 2019

Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability

CVE-2019-8072 7.5 - High - September 27, 2019

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

Information Leak

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection

CVE-2019-8073 9.8 - Critical - September 27, 2019

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

Downstream Injection

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability

CVE-2019-8074 9.8 - Critical - September 27, 2019

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Directory traversal

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability

CVE-2019-8076 7.8 - High - September 12, 2019

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

426

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability

CVE-2019-7964 9.8 - Critical - August 16, 2019

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.

authentification

Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability

CVE-2019-8062 7.8 - High - August 14, 2019

Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

426

Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability

CVE-2019-7870 7.8 - High - August 14, 2019

Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

426

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability

CVE-2019-7961 7.8 - High - August 14, 2019

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

426

Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability

CVE-2019-7931 7.8 - High - August 14, 2019

Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.

426

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability

CVE-2019-7953 6.5 - Medium - July 18, 2019

Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

352

Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability

CVE-2019-7954 6.1 - Medium - July 18, 2019

Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

XSS

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability

CVE-2019-7955 6.1 - Medium - July 18, 2019

Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.

XSS

ColdFusion versions Update 3 and earlier

CVE-2019-7838 9.8 - Critical - June 12, 2019

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Unrestricted File Upload

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability

CVE-2019-7839 9.8 - Critical - June 12, 2019

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

ColdFusion versions Update 3 and earlier

CVE-2019-7840 9.8 - Critical - June 12, 2019

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability

CVE-2019-7129 6.1 - Medium - May 29, 2019

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

ColdFusion versions Update 1 and earlier

CVE-2019-7091 9.8 - Critical - May 24, 2019

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability

CVE-2019-7092 6.1 - Medium - May 24, 2019

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .

XSS

ColdFusion versions Update 2 and earlier

CVE-2019-7816 9.8 - Critical - May 24, 2019

ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Unrestricted File Upload

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability

CVE-2019-7104 9.8 - Critical - May 23, 2019

Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Memory Corruption

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability

CVE-2018-19726 6.1 - Medium - January 28, 2019

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability

CVE-2018-19724 6.1 - Medium - January 28, 2019

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability

CVE-2018-19727 6.1 - Medium - January 28, 2019

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability

CVE-2018-19718 5.3 - Medium - January 18, 2019

Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.

Information Leak

Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability

CVE-2018-12817 7.5 - High - January 18, 2019

Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability

CVE-2018-15980 7.5 - High - November 29, 2018

Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability

CVE-2018-12813 9.8 - Critical - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Memory Corruption

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability

CVE-2018-12814 9.8 - Critical - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Memory Corruption

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability

CVE-2018-12816 7.5 - High - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability

CVE-2018-12818 7.5 - High - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability

CVE-2018-12819 7.5 - High - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability

CVE-2018-12820 7.5 - High - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability

CVE-2018-12821 7.5 - High - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.

Out-of-bounds Read

Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability

CVE-2018-12822 9.8 - Critical - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Dangling pointer

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability

CVE-2018-12823 9.8 - Critical - October 17, 2018

Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Memory Corruption

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability

CVE-2018-15970 6.1 - Medium - October 17, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability

CVE-2018-15971 6.1 - Medium - October 17, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability

CVE-2018-15972 6.1 - Medium - October 17, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability

CVE-2018-15973 6.1 - Medium - October 17, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability

CVE-2018-15969 6.1 - Medium - October 17, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability

CVE-2018-15974 7.8 - High - October 17, 2018

Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

426

Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability

CVE-2018-15976 7.8 - High - October 17, 2018

Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

DLL preloading

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15957 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15958 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15959 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15960 7.5 - High - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.

Improper Input Validation

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15961 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Unrestricted File Upload

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15962 5.3 - Medium - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.

Information Leak

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15963 5.3 - Medium - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15964 7.5 - High - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.

Information Leak

Adobe ColdFusion versions July 12 release (2018.0.0.310739)

CVE-2018-15965 9.8 - Critical - September 25, 2018

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability

CVE-2018-5005 6.1 - Medium - September 06, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability

CVE-2018-12829 9.8 - Critical - August 29, 2018

Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.

Improper Certificate Validation

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability

CVE-2018-12806 6.1 - Medium - August 29, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSS

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability

CVE-2018-12807 5.3 - Medium - August 29, 2018

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.

Improper Input Validation

Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability

CVE-2018-12804 9.8 - Critical - July 20, 2018

Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.

authentification

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability

CVE-2018-12805 9.8 - Critical - July 20, 2018

Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.

DLL preloading

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability

CVE-2018-12809 7.5 - High - July 20, 2018

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSPA

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability

CVE-2018-5004 7.5 - High - July 20, 2018

Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSPA

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability

CVE-2018-5006 7.5 - High - July 20, 2018

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

XSPA

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4938 7.8 - High - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.

DLL preloading

Adobe ColdFusion Update 5 and earlier versions

CVE-2018-4939 9.8 - Critical - May 19, 2018

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Marshaling, Unmarshaling

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8