Adobe: based in San Jose, best known for creating Photoshop and Acrobat (PDF).
Products by Adobe Sorted by Most Security Vulnerabilities since 2018
Adobe Experience Manager: 505 vulnerabilities
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile apps and forms.
Adobe ColdFusion: 99 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.
Adobe Creative Cloud Desktop Application: 11 vulnerabilities
The desktop client for Adobe Creative Cloud
Recent Adobe Security Advisories
Advisory | Title | Published |
---|---|---|
APSB24-72 | Security updates available for Adobe Photoshop | September 10, 2024 |
APSB24-66 | Security Updates Available for Adobe Illustrator | September 10, 2024 |
APSB24-53 | Security Updates Available for Adobe Media Encoder | September 10, 2024 |
APSB24-71 | Security updates available for Adobe ColdFusion | September 10, 2024 |
APSB24-70 | Prenotification Security Advisory for Adobe Acrobat and Reader | September 10, 2024 |
APSB24-54 | Security Updates Available for Adobe Audition | September 10, 2024 |
APSB24-61 | Security Updates Available for Adobe Commerce | August 14, 2024 |
APSB24-49 | Security updates available for Adobe Photoshop | August 14, 2024 |
APSB24-56 | Security Update Available for Adobe InDesign | August 14, 2024 |
APSB24-45 | Security Updates Available for Adobe Illustrator | August 14, 2024 |
Known Exploited Adobe Vulnerabilities
The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | CVE | Added |
---|---|---|---|
Adobe Flash Player Double Free Vulnerability | Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. | CVE-2014-0502 | September 17, 2024 |
Adobe Flash Player Integer Underflow Vulnerability | Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. | CVE-2014-0497 | September 17, 2024 |
Adobe Flash Player Incorrect Default Permissions Vulnerability | Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. | CVE-2013-0643 | September 17, 2024 |
Adobe Flash Player Code Execution Vulnerability | Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | CVE-2013-0648 | September 17, 2024 |
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V | Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. | CVE-2024-34102 | July 17, 2024 |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | CVE-2023-38203 | January 8, 2024 |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | CVE-2023-29300 | January 8, 2024 |
Adobe Acrobat and Reader Use-After-Free Vulnerability | Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | CVE-2023-21608 | October 10, 2023 |
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability | Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | CVE-2023-26369 | September 14, 2023 |
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | CVE-2023-26359 | August 21, 2023 |
Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | CVE-2023-38205 | July 20, 2023 |
Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | CVE-2023-29298 | July 20, 2023 |
Adobe ColdFusion Improper Access Control Vulnerability | Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. | CVE-2023-26360 | March 15, 2023 |
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability | Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. | CVE-2009-3953 | June 8, 2022 |
Adobe Acrobat and Reader Unspecified Vulnerability | Adobe Acrobat and Reader contains an unspecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. | CVE-2008-0655 | June 8, 2022 |
Adobe Flash Player Memory Corruption Vulnerability | Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service. | CVE-2010-1297 | June 8, 2022 |
Adobe Acrobat and Reader Double Free Vulnerability | Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. | CVE-2018-4990 | June 8, 2022 |
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability | Adobe Flash Player contains an XSS vulnerability which allows remote attackers to inject web script or HTML. | CVE-2012-0767 | June 8, 2022 |
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability | Adobe Acrobat and Reader and Adobe Flash Player allow remote attackers to execute code or cause denial-of-service. | CVE-2009-1862 | June 8, 2022 |
Adobe Acrobat and Reader Use-After-Free Vulnerability | Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. | CVE-2009-4324 | June 8, 2022 |
By the Year
In 2024 there have been 442 vulnerabilities in Adobe with an average score of 6.1 out of ten. Last year Adobe had 590 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Adobe in 2024 could surpass last year's number. Last year, the average CVE base score was greater by 0.18.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 442 | 6.11 |
2023 | 590 | 6.29 |
2022 | 421 | 6.80 |
2021 | 317 | 6.80 |
2020 | 306 | 7.46 |
2019 | 41 | 7.63 |
2018 | 91 | 7.58 |
It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Adobe Security Vulnerabilities
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability
CVE-2024-45113
7.5 - High
- September 13, 2024
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction.
Authentication
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-45109
7.8 - High
- September 13, 2024
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-45108
7.8 - High
- September 13, 2024
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-43760
7.8 - High
- September 13, 2024
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability
CVE-2024-43756
7.8 - High
- September 13, 2024
Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Buffer Overflow
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability
CVE-2024-41874
9.8 - Critical
- September 13, 2024
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.
Marshaling, Unmarshaling
Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39384
7.8 - High
- September 13, 2024
Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability
CVE-2024-39385
5.5 - Medium
- September 13, 2024
Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability
CVE-2024-39380
7.8 - High
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Buffer Overflow
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39381
7.8 - High
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-39382
5.5 - Medium
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-41859
7.8 - High
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41867
5.5 - Medium
- September 13, 2024
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability
CVE-2024-45112
7.8 - High
- September 13, 2024
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Object Type Confusion
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability
CVE-2024-41869
7.8 - High
- September 13, 2024
Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-43759
5.5 - Medium
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-45111
5.5 - Medium
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability
CVE-2024-43758
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability
CVE-2024-34121
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability
CVE-2024-41857
7.8 - High
- September 13, 2024
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer underflow
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39377
7.8 - High
- September 13, 2024
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file
CVE-2024-41871
7.8 - High
- September 13, 2024
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41870
5.5 - Medium
- September 13, 2024
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41872
5.5 - Medium
- September 13, 2024
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41873
5.5 - Medium
- September 13, 2024
Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39378
7.8 - High
- September 11, 2024
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41868
5.5 - Medium
- September 11, 2024
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability
CVE-2024-45107
5.5 - Medium
- September 05, 2024
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-41879
7.8 - High
- August 26, 2024
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41844
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41845
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41846
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability
CVE-2024-41847
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability
CVE-2024-41848
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability
CVE-2024-41849
4.1 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.
Improper Input Validation
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41875
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability
CVE-2024-41876
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
XSS
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41877
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability
CVE-2024-41878
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41843
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability
CVE-2024-41842
4.8 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
XSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability
CVE-2024-41841
5.4 - Medium
- August 23, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
XSS
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability
CVE-2024-41856
7.8 - High
- August 14, 2024
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper Input Validation
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability
CVE-2024-39388
7.8 - High
- August 14, 2024
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2024-39420
7 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
TOCTTOU
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-34133
7.8 - High
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability
CVE-2024-34118
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Improper Input Validation
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-34134
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-34135
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-34136
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-34137
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-34138
5.5 - Medium
- August 14, 2024
Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-34124
7.8 - High
- August 14, 2024
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution
CVE-2024-41865
7.8 - High
- August 14, 2024
Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.
Untrusted Path
Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability
CVE-2024-20789
7.8 - High
- August 14, 2024
Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory
CVE-2024-34125
5.5 - Medium
- August 14, 2024
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-39387
5.5 - Medium
- August 14, 2024
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-41840
7.8 - High
- August 14, 2024
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39386
7.8 - High
- August 14, 2024
Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41835
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41834
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41833
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41832
5.5 - Medium
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability
CVE-2024-41831
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability
CVE-2024-41830
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file
CVE-2024-39426
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
CVE-2024-39425
7 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue requires local low-privilege access to the affected system and attack complexity is high.
TOCTTOU
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability
CVE-2024-39424
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39423
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability
CVE-2024-39422
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability
CVE-2024-39383
7.8 - High
- August 14, 2024
Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-41866
5.5 - Medium
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory
CVE-2024-34126
5.5 - Medium
- August 14, 2024
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-41854
5.5 - Medium
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability
CVE-2024-34127
5.5 - Medium
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability
CVE-2024-39395
5.5 - Medium
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NULL Pointer Dereference
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability
CVE-2024-41851
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Integer Overflow or Wraparound
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability
CVE-2024-41850
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39394
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file
CVE-2024-39393
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability
CVE-2024-41853
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability
CVE-2024-41852
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39391
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-39390
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability
CVE-2024-39389
7.8 - High
- August 14, 2024
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption
Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability
CVE-2024-34117
7.8 - High
- August 14, 2024
Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Dangling pointer
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory
CVE-2024-20790
5.5 - Medium
- August 14, 2024
Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Out-of-bounds Read
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39414
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
Authorization
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39419
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39418
5.4 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39417
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39416
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39415
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39413
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39405
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39407
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.
AuthZ
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability
CVE-2024-39412
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability
CVE-2024-39408
6.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.
Session Riding
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability
CVE-2024-39410
4.3 - Medium
- August 14, 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.
Session Riding