Adobe Based in San Jose, best known for creating Photoshop, Acrobat (PDF).
stack.watch can notify you when security vulnerabilities are reported in any Adobe product. You can add multiple products that you use with Adobe to create your own personal software stack watcher.
Products by Adobe Sorted by Most Security Vulnerabilities since 2018
Adobe ColdFusion39 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.
@AdobeSecurity Tweets
We’re proud of how integral #InclusiveDesign has become @Adobe. Learn more about our Blue Belt program and other re… https://t.co/V1gUlRtohd
Tue Jul 07 22:09:01 +0000 2020
Tue Jul 07 22:09:01 +0000 2020
What do you do if you find a removable media device of unknown origin? DON’T plug it in! More on preventing… https://t.co/cF2IHcLaMk
Tue Jul 07 18:24:01 +0000 2020
Tue Jul 07 18:24:01 +0000 2020
Only plug in portable data or media devices that you trust. Learn more about #security for portable hardware in our… https://t.co/c2dVprDmbM
Mon Jul 06 20:23:00 +0000 2020
Mon Jul 06 20:23:00 +0000 2020
You’ve found a USB stick on the ground. What do you do? Here’s how our good Samaritan instincts can lead to install… https://t.co/jC8wpeXGzZ
Thu Jul 02 17:23:01 +0000 2020
Thu Jul 02 17:23:01 +0000 2020
Check out these great examples of how @PeleusUhley & @AdobeSecurity are using network analysis and network graphs t… https://t.co/hYK5Fk8T5s
Wed Jul 01 19:12:01 +0000 2020
Wed Jul 01 19:12:01 +0000 2020
By the Year
In 2020 there have been 24 vulnerabilities in Adobe with an average score of 7.4 out of ten. Last year Adobe had 39 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Adobe in 2020 could surpass last years number. Last year, the average CVE base score was greater by 0.14
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2020 | 24 | 7.44 |
| 2019 | 39 | 7.58 |
| 2018 | 91 | 7.58 |
It may take a day or so for new Adobe vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Adobe Security Vulnerabilities
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability
CVE-2020-3767
6.5 - Medium
- June 26, 2020
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
Improper Input Validation
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability
CVE-2020-3768
7.8 - High
- June 26, 2020
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
426
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability
CVE-2020-3796
6.5 - Medium
- June 26, 2020
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
Information Leak
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability
CVE-2020-9643
7.5 - High
- June 12, 2020
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSPA
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability
CVE-2020-9644
5.4 - Medium
- June 12, 2020
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
XSS
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability
CVE-2020-9645
7.5 - High
- June 12, 2020
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSPA
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability
CVE-2020-9647
6.1 - Medium
- June 12, 2020
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
XSS
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability
CVE-2020-9648
6.1 - Medium
- June 12, 2020
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
XSS
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability
CVE-2020-9651
6.1 - Medium
- June 12, 2020
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.
XSS
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability
CVE-2020-9634
8.8 - High
- June 12, 2020
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Out-of-bounds Write
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability
CVE-2020-9635
8.8 - High
- June 12, 2020
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Out-of-bounds Write
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability
CVE-2020-9636
8.8 - High
- June 12, 2020
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Memory Corruption
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability
CVE-2020-3761
7.5 - High
- March 25, 2020
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.
Information Leak
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability
CVE-2020-3794
9.8 - Critical
- March 25, 2020
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory.
Improper Input Validation
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability
CVE-2020-3769
7.5 - High
- March 25, 2020
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSPA
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2
CVE-2020-8818
8.1 - High
- February 25, 2020
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments.
Origin Validation Error
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability
CVE-2020-3759
7.5 - High
- February 13, 2020
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure.
Memory Corruption
Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability
CVE-2020-3741
7.5 - High
- February 13, 2020
Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled resource consumption vulnerability. Successful exploitation could lead to denial-of-service.
Uncontrolled Resource Consumption ('Resource Exhaustion')
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability
CVE-2020-3737
8.8 - High
- February 13, 2020
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Out-of-bounds Write
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability
CVE-2020-3738
8.8 - High
- February 13, 2020
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Out-of-bounds Write
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability
CVE-2019-16466
6.1 - Medium
- January 15, 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability
CVE-2019-16468
7.5 - High
- January 15, 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
Information Leak
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability
CVE-2019-16469
7.5 - High
- January 15, 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
Information Leak
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability
CVE-2019-16467
6.1 - Medium
- January 15, 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability
CVE-2019-8256
9.8 - Critical
- December 19, 2019
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation.
Incorrect Default Permissions
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability
CVE-2019-8085
6.1 - Medium
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability
CVE-2019-8086
7.5 - High
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
XXE
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability
CVE-2019-8087
7.5 - High
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
XXE
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability
CVE-2019-8088
9.8 - Critical
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Downstream Injection
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability
CVE-2019-8234
6.5 - Medium
- October 25, 2019
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
352
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability
CVE-2019-8081
7.5 - High
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authentication bypass vulnerability. Successful exploitation could lead to sensitive information disclosure.
authentification
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability
CVE-2019-8082
7.5 - High
- October 25, 2019
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
XXE
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability
CVE-2019-8084
6.1 - Medium
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability
CVE-2019-8083
6.1 - Medium
- October 25, 2019
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability
CVE-2019-8079
6.1 - Medium
- October 24, 2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability
CVE-2019-8078
6.1 - Medium
- October 24, 2019
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability
CVE-2019-8080
6.1 - Medium
- October 24, 2019
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation.
XSS
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability
CVE-2019-8089
6.1 - Medium
- October 22, 2019
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability
CVE-2019-8072
7.5 - High
- September 27, 2019
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Information Leak
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection
CVE-2019-8073
9.8 - Critical
- September 27, 2019
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
Downstream Injection
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability
CVE-2019-8074
9.8 - Critical
- September 27, 2019
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
Directory traversal
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability
CVE-2019-8076
7.8 - High
- September 12, 2019
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
426
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability
CVE-2019-7964
9.8 - Critical
- August 16, 2019
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
authentification
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability
CVE-2019-8062
7.8 - High
- August 14, 2019
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
426
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability
CVE-2019-7870
7.8 - High
- August 14, 2019
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
426
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability
CVE-2019-7961
7.8 - High
- August 14, 2019
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
426
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability
CVE-2019-7931
7.8 - High
- August 14, 2019
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitrary code execution.
426
Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability
CVE-2019-7953
6.5 - Medium
- July 18, 2019
Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
352
Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability
CVE-2019-7954
6.1 - Medium
- July 18, 2019
Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
XSS
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability
CVE-2019-7955
6.1 - Medium
- July 18, 2019
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
XSS
ColdFusion versions Update 3 and earlier
CVE-2019-7838
9.8 - Critical
- June 12, 2019
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Unrestricted File Upload
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability
CVE-2019-7839
9.8 - Critical
- June 12, 2019
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
Improper Neutralization of Special Elements used in a Command ('Command Injection')
ColdFusion versions Update 3 and earlier
CVE-2019-7840
9.8 - Critical
- June 12, 2019
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability
CVE-2019-7129
6.1 - Medium
- May 29, 2019
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
ColdFusion versions Update 1 and earlier
CVE-2019-7091
9.8 - Critical
- May 24, 2019
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability
CVE-2019-7092
6.1 - Medium
- May 24, 2019
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .
XSS
ColdFusion versions Update 2 and earlier
CVE-2019-7816
9.8 - Critical
- May 24, 2019
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.
Unrestricted File Upload
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability
CVE-2019-7104
9.8 - Critical
- May 23, 2019
Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Memory Corruption
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability
CVE-2018-19726
6.1 - Medium
- January 28, 2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability
CVE-2018-19724
6.1 - Medium
- January 28, 2019
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability
CVE-2018-19727
6.1 - Medium
- January 28, 2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability
CVE-2018-19718
5.3 - Medium
- January 18, 2019
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.
Information Leak
Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability
CVE-2018-12817
7.5 - High
- January 18, 2019
Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability
CVE-2018-15980
7.5 - High
- November 29, 2018
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability
CVE-2018-12813
9.8 - Critical
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
Memory Corruption
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability
CVE-2018-12814
9.8 - Critical
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
Memory Corruption
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability
CVE-2018-12816
7.5 - High
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability
CVE-2018-12818
7.5 - High
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability
CVE-2018-12819
7.5 - High
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability
CVE-2018-12820
7.5 - High
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability
CVE-2018-12821
7.5 - High
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
Out-of-bounds Read
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability
CVE-2018-12822
9.8 - Critical
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
Dangling pointer
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability
CVE-2018-12823
9.8 - Critical
- October 17, 2018
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
Memory Corruption
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability
CVE-2018-15970
6.1 - Medium
- October 17, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability
CVE-2018-15971
6.1 - Medium
- October 17, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability
CVE-2018-15972
6.1 - Medium
- October 17, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability
CVE-2018-15973
6.1 - Medium
- October 17, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability
CVE-2018-15969
6.1 - Medium
- October 17, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability
CVE-2018-15974
7.8 - High
- October 17, 2018
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
426
Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability
CVE-2018-15976
7.8 - High
- October 17, 2018
Adobe Technical Communications Suite versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
DLL preloading
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15957
9.8 - Critical
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15958
9.8 - Critical
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15959
9.8 - Critical
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15960
7.5 - High
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.
Improper Input Validation
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15961
9.8 - Critical
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Unrestricted File Upload
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15962
5.3 - Medium
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
Information Leak
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15963
5.3 - Medium
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15964
7.5 - High
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
Information Leak
Adobe ColdFusion versions July 12 release (2018.0.0.310739)
CVE-2018-15965
9.8 - Critical
- September 25, 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability
CVE-2018-5005
6.1 - Medium
- September 06, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability
CVE-2018-12829
9.8 - Critical
- August 29, 2018
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.
Improper Certificate Validation
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability
CVE-2018-12806
6.1 - Medium
- August 29, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSS
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability
CVE-2018-12807
5.3 - Medium
- August 29, 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Successful exploitation could lead to unauthorized information modification.
Improper Input Validation
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability
CVE-2018-12804
9.8 - Critical
- July 20, 2018
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.
authentification
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability
CVE-2018-12805
9.8 - Critical
- July 20, 2018
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.
DLL preloading
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability
CVE-2018-12809
7.5 - High
- July 20, 2018
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSPA
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability
CVE-2018-5004
7.5 - High
- July 20, 2018
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSPA
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability
CVE-2018-5006
7.5 - High
- July 20, 2018
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
XSPA
Adobe ColdFusion Update 5 and earlier versions
CVE-2018-4938
7.8 - High
- May 19, 2018
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation.
DLL preloading
Adobe ColdFusion Update 5 and earlier versions
CVE-2018-4939
9.8 - Critical
- May 19, 2018
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
Marshaling, Unmarshaling