Vulnerabilities > Adobe > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-06 CVE-2023-28500 Deserialization of Untrusted Data vulnerability in Adobe Livecycle ES4
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL.
network
low complexity
adobe CWE-502
critical
9.8
2022-10-14 CVE-2022-38418 Path Traversal vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-22
critical
9.8
2022-10-14 CVE-2022-35712 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8
2022-10-14 CVE-2022-35711 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8
2022-10-14 CVE-2022-35710 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8
2022-10-14 CVE-2022-35690 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8
2022-06-15 CVE-2021-40727 Access of Memory Location After End of Buffer vulnerability in Adobe Indesign
Access of Memory Location After End of Buffer (CWE-788
network
adobe CWE-788
critical
9.3
2022-05-11 CVE-2022-28243 Out-of-bounds Read vulnerability in Adobe products
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
network
adobe CWE-125
critical
9.3
2022-05-11 CVE-2022-28242 Use After Free vulnerability in Adobe products
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user.
network
adobe CWE-416
critical
9.3
2022-05-11 CVE-2022-28241 Out-of-bounds Read vulnerability in Adobe products
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
network
adobe CWE-125
critical
9.3