Adobe Vulnerabilities
| CVE ID | CVSS | Exploit | Patch | Trends |
|---|---|---|---|---|
CVE-2024-6706Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. | CVSS 6.1 | Exploit | Patched |  |
CVE-2024-52408Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8. | CVSS 9.9 | - | - |  |
CVE-2024-51519Vulnerability of input parameters not being verified in the HDC module
Impact: Successful exploitation of this vulnerability may affect availability. | CVSS 5.5 | - | Patched |  |
CVE-2024-51516Permission control vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may cause features to function abnormally. | CVSS 5.5 | - | Patched |  |
CVE-2024-51510Out-of-bounds access vulnerability in the logo module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. | CVSS 5.5 | - | Patched |  |
CVE-2024-49536Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-49528
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical | CVSS 7.8 | - | Patched |  |
CVE-2024-49527
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Memory leak
Severity: Important
Impact: Memory leak
Severity: Important
Impact: Memory leak
Severity: Important | CVSS 5.5 | - | Patched |  |
CVE-2024-49526
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical | CVSS 7.8 | - | Patched |  |
CVE-2024-49525Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49524Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or provide specific input to trigger the vulnerability. | CVSS 5.4 | - | - |  |
CVE-2024-49523Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS 5.4 | - | - |  |
CVE-2024-49522Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49521Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | CVSS 7.7 | - | Patched |  |
CVE-2024-49520Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49519Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49518Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49517Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49516Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49515Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49514Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49512InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-49511InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-49510InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-49509InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49508InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-49507InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47556Pre-Auth RCE via Path Traversal | CVSS 9.8 | - | Patched |  |
CVE-2024-47555Missing Authentication - User & System Configuration | CVSS 8.3 | - | - |  |
CVE-2024-47459Substance3D - Sampler versions 4.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47458Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47457Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47456Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47455Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47454Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47453Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47452Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47451Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47450Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47449Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47446After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47445After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47444After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47443After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47442After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47441After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47440Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47439Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47438Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47437Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47436Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47435Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-47434Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47433Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47432Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47431Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47430Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47429Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47428Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47427Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47426Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47425Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47424Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47423Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. | CVSS 7.8 | - | Patched |  |
CVE-2024-47422Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious path into the search directories, which the application could unknowingly execute. This could allow the attacker to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction. | CVSS 7.8 | - | Patched |  |
CVE-2024-47421Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47420
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Memory leak
Severity: Important
Impact: Memory leak
Severity: Important | CVSS 5.5 | - | Patched |  |
CVE-2024-47419
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Memory leak
Severity: Important | CVSS 5.5 | - | Patched |  |
CVE-2024-47418
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical | CVSS 7.8 | - | Patched |  |
CVE-2024-47417
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical
Impact: Arbitrary code execution
Severity: Critical | CVSS 7.8 | - | Patched |  |
CVE-2024-47416Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47415Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47414Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47413Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47412Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47411Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47410Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-47023there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | CVSS 8.1 | - | Patched |  |
CVE-2024-45153
Impact: Security feature bypass
Severity: Critical
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Security feature bypass
Severity: Moderate
Impact: Security feature bypass
Severity: Moderate
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important
Impact: Arbitrary code execution
Severity: Important | CVSS 5.4 | - | Patched |  |
CVE-2024-45152Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45150Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45149Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | CVSS 4.3 | - | Patched |  |
CVE-2024-45148Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. | CVSS 8.8 | - | Patched |  |
CVE-2024-45147Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-45146Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45145Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 5.5 | - | Patched |  |
CVE-2024-45144Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45143Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45142Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45141Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45140Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45139Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45138Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | CVSS 7.8 | - | Patched |  |
CVE-2024-45137InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | CVSS 7.8 | - | Patched |  |
CVE-2024-45136InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction. | CVSS 7.8 | - | Patched |  |
CVE-2024-45135Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | CVSS 2.7 | - | Patched |  |
CVE-2024-45134Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. | CVSS 2.7 | - | Patched |  |
CVE-2024-45133Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. | CVSS 2.7 | - | Patched |  |
CVE-2024-45132Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction. | CVSS 6.5 | - | Patched |  |
CVE-2024-45131Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction. | CVSS 5.4 | - | Patched |  |