Adobe

Based in San Jose, best known for creating Photoshop and Acrobat (PDF).

Products by Adobe Sorted by Most Security Vulnerabilities since 2018

Adobe Experience Manager: 505 vulnerabilities
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile apps and forms.

Adobe ColdFusion: 99 vulnerabilities
Web application server since 1995. Tag or script based programming language CFML.

Adobe Acrobat: 91 vulnerabilities
Application for working with PDF documents

Adobe Commerce: 80 vulnerabilities

Adobe Magento: 56 vulnerabilities

Adobe Commerce: 46 vulnerabilities

Adobe Magento Open Source: 32 vulnerabilities

Adobe Substance 3d Painter: 23 vulnerabilities

Adobe Dimension: 21 vulnerabilities

Adobe Connect: 20 vulnerabilities

Adobe Indesign: 17 vulnerabilities

Adobe Illustrator: 17 vulnerabilities

Adobe Digital Editions: 12 vulnerabilities

Adobe Creative Cloud Desktop Application: 11 vulnerabilities
The desktop client for Adobe Creative Cloud

Adobe Bridge: 11 vulnerabilities

Adobe Substance 3d Sampler: 10 vulnerabilities

Adobe Photoshop: 10 vulnerabilities
Popular Photo Editing Software

Adobe Framemaker: 10 vulnerabilities

Adobe Animate: 8 vulnerabilities

Adobe Media Encoder: 7 vulnerabilities

Adobe After Effects: 7 vulnerabilities

Adobe Substance 3d Designer: 6 vulnerabilities

Adobe Premiere Rush: 5 vulnerabilities

Adobe Audition: 4 vulnerabilities

Adobe Incopy: 3 vulnerabilities

Adobe Acrobat Dc: 2 vulnerabilities

Adobe Substance 3d Stager: 2 vulnerabilities

Adobe Acrobat Reader: 2 vulnerabilities

Adobe Premiere Pro: 2 vulnerabilities

Adobe Photoshop Elements: 2 vulnerabilities

Adobe Acrobat Reader Dc: 2 vulnerabilities

Adobe Magento Commerce: 2 vulnerabilities

Adobe Director: 1 vulnerability

Adobe Ops Cli: 1 vulnerability

Adobe Premiere Elements: 1 vulnerability

Adobe Character Animator: 1 vulnerability

Adobe Premiere Pro Cc: 1 vulnerability

Adobe Robohelp: 1 vulnerability

Adobe Robohelp Server: 1 vulnerability

Adobe Captivate: 1 vulnerability

Recent Adobe Security Advisories

Advisory   Title                                                                       Published
APSB24-72  Security updates available for Adobe Photoshop | APSB24-72                  September 10, 2024
APSB24-66  Security Updates Available for Adobe Illustrator | APSB24-66                September 10, 2024
APSB24-53  Security Updates Available for Adobe Media Encoder | APSB24-53              September 10, 2024
APSB24-71  Security updates available for Adobe ColdFusion | APSB24-71                 September 10, 2024
APSB24-70  Prenotification Security Advisory for Adobe Acrobat and Reader | APSB24-70  September 10, 2024
APSB24-54  Security Updates Available for Adobe Audition | APSB24-54                   September 10, 2024
APSB24-61  Security Updates Available for Adobe Commerce | APSB24-61                   August 14, 2024
APSB24-49  Security updates available for Adobe Photoshop | APSB24-49                  August 14, 2024
APSB24-56  Security Update Available for Adobe InDesign | APSB24-56                    August 14, 2024
APSB24-45  Security Updates Available for Adobe Illustrator | APSB24-45                August 14, 2024

Known Exploited Adobe Vulnerabilities

The following Adobe vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Adobe Flash Player Double Free Vulnerability Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. CVE-2014-0502 September 17, 2024
Adobe Flash Player Integer Underflow Vulnerability Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. CVE-2014-0497 September 17, 2024
Adobe Flash Player Incorrect Default Permissions Vulnerability Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content. CVE-2013-0643 September 17, 2024
Adobe Flash Player Code Execution Vulnerability Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. CVE-2013-0648 September 17, 2024
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) V Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. CVE-2024-34102 July 17, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-38203 January 8, 2024
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. CVE-2023-29300 January 8, 2024
Adobe Acrobat and Reader Use-After-Free Vulnerability Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. CVE-2023-21608 October 10, 2023
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. CVE-2023-26369 September 14, 2023
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. CVE-2023-26359 August 21, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-38205 July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. CVE-2023-29298 July 20, 2023
Adobe ColdFusion Improper Access Control Vulnerability Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution. CVE-2023-26360 March 15, 2023
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. CVE-2009-3953 June 8, 2022
Adobe Acrobat and Reader Unspecified Vulnerability Adobe Acrobat and Reader contains an unspecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. CVE-2008-0655 June 8, 2022
Adobe Flash Player Memory Corruption Vulnerability Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service. CVE-2010-1297 June 8, 2022
Adobe Acrobat and Reader Double Free Vulnerability Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. CVE-2018-4990 June 8, 2022
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability Adobe Flash Player contains a XSS vulnerability which allows remote attackers to inject web script or HTML. CVE-2012-0767 June 8, 2022
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service. CVE-2009-1862 June 8, 2022
Adobe Acrobat and Reader Use-After-Free Vulnerability Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. CVE-2009-4324 June 8, 2022

By the Year

In 2024 there have been 442 vulnerabilities in Adobe with an average score of 6.1 out of ten. Last year Adobe had 590 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Adobe in 2024 could surpass last year's number. Last year, the average CVE base score was greater by 0.18.

Year  Vulnerabilities  Average Score
2024  442              6.11
2023  590              6.29
2022  421              6.80
2021  317              6.80
2020  306              7.46
2019  41               7.63
2018  91               7.58

It may take a day or so for new Adobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Adobe Security Vulnerabilities

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability

CVE-2024-45113 7.5 - High - September 13, 2024

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access and affect the integrity of the application. Exploitation of this issue does not require user interaction.

Authentication

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-45109 7.8 - High - September 13, 2024

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-45108 7.8 - High - September 13, 2024

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-43760 7.8 - High - September 13, 2024

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2024-43756 7.8 - High - September 13, 2024

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability

CVE-2024-41874 9.8 - Critical - September 13, 2024

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability by providing crafted input to the application, which when deserialized, leads to execution of malicious code. Exploitation of this issue does not require user interaction.

Marshaling, Unmarshaling

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39384 7.8 - High - September 13, 2024

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability

CVE-2024-39385 5.5 - Medium - September 13, 2024

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2024-39380 7.8 - High - September 13, 2024

After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39381 7.8 - High - September 13, 2024

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-39382 5.5 - Medium - September 13, 2024

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-41859 7.8 - High - September 13, 2024

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41867 5.5 - Medium - September 13, 2024

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability

CVE-2024-45112 7.8 - High - September 13, 2024

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Object Type Confusion

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability

CVE-2024-41869 7.8 - High - September 13, 2024

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-43759 5.5 - Medium - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-45111 5.5 - Medium - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability

CVE-2024-43758 7.8 - High - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability

CVE-2024-34121 7.8 - High - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer Overflow or Wraparound

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability

CVE-2024-41857 7.8 - High - September 13, 2024

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer underflow

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39377 7.8 - High - September 13, 2024

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file

CVE-2024-41871 7.8 - High - September 13, 2024

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41870 5.5 - Medium - September 13, 2024

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41872 5.5 - Medium - September 13, 2024

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41873 5.5 - Medium - September 13, 2024

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39378 7.8 - High - September 11, 2024

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41868 5.5 - Medium - September 11, 2024

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability

CVE-2024-45107 5.5 - Medium - September 05, 2024

Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-41879 7.8 - High - August 26, 2024

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41844 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41845 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41846 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2024-41847 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2024-41848 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-41849 4.1 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to slightly affect the integrity of the page. Exploitation of this issue requires user interaction and scope is changed.

Improper Input Validation

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41875 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2024-41876 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41877 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability

CVE-2024-41878 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41843 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability

CVE-2024-41842 4.8 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.

XSS

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability

CVE-2024-41841 5.4 - Medium - August 23, 2024

Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

XSS

Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-41856 7.8 - High - August 14, 2024

Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Improper Input Validation

Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability

CVE-2024-39388 7.8 - High - August 14, 2024

Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

CVE-2024-39420 7 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.21005, 24.001.30159, 20.005.30655, 24.002.20965, 24.002.20964, 24.001.30123, 24.003.20054 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary code execution. This vulnerability arises when the timing of actions changes the state of a resource between the checking of a condition and the use of the resource, allowing an attacker to manipulate the resource in a harmful way. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

TOCTTOU

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-34133 7.8 - High - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability

CVE-2024-34118 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Improper Input Validation

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-34134 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-34135 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-34136 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-34137 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-34138 5.5 - Medium - August 14, 2024

Illustrator versions 28.5, 27.9.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-34124 7.8 - High - August 14, 2024

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution

CVE-2024-41865 7.8 - High - August 14, 2024

Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.

Untrusted Path

Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability

CVE-2024-20789 7.8 - High - August 14, 2024

Dimension versions 3.4.11 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory

CVE-2024-34125 5.5 - Medium - August 14, 2024

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-39387 5.5 - Medium - August 14, 2024

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-41840 7.8 - High - August 14, 2024

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39386 7.8 - High - August 14, 2024

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41835 5.5 - Medium - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41834 5.5 - Medium - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41833 5.5 - Medium - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41832 5.5 - Medium - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability

CVE-2024-41831 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability

CVE-2024-41830 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file

CVE-2024-39426 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

CVE-2024-39425 7 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to privilege escalation. Exploitation of this issue requires local low-privilege access to the affected system and attack complexity is high.

TOCTTOU

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability

CVE-2024-39424 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39423 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability

CVE-2024-39422 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability

CVE-2024-39383 7.8 - High - August 14, 2024

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-41866 5.5 - Medium - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory

CVE-2024-34126 5.5 - Medium - August 14, 2024

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-41854 5.5 - Medium - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability

CVE-2024-34127 5.5 - Medium - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability

CVE-2024-39395 5.5 - Medium - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

NULL Pointer Dereference

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability

CVE-2024-41851 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Integer Overflow or Wraparound

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2024-41850 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39394 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file

CVE-2024-39393 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability

CVE-2024-41853 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability

CVE-2024-41852 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39391 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-39390 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability

CVE-2024-39389 7.8 - High - August 14, 2024

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability

CVE-2024-34117 7.8 - High - August 14, 2024

Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Dangling pointer

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory

CVE-2024-20790 5.5 - Medium - August 14, 2024

Dimension versions 3.4.11 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Out-of-bounds Read

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39414 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

Authorization

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39419 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39418 5.4 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures to view and edit low-sensitivity information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39417 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39416 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39415 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39413 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39405 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39407 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information. Exploitation of this issue does not require user interaction.

AuthZ

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability

CVE-2024-39412 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and perform a minor integrity change. Exploitation of this issue does not require user interaction.

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability

CVE-2024-39408 6.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.

Session Riding

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability

CVE-2024-39410 4.3 - Medium - August 14, 2024

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.

Session Riding

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).