Vulnerabilities > Adobe > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-09 | CVE-2023-38207 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. | 7.5 |
| 2023-08-09 | CVE-2023-38208 | OS Command Injection vulnerability in Adobe Commerce Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. | 7.2 |
| 2023-07-20 | CVE-2021-39822 | Out-of-bounds Write vulnerability in Adobe Indesign Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2023-07-12 | CVE-2023-29298 | Unspecified vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 7.5 |
| 2023-07-12 | CVE-2023-29301 | Improper Restriction of Excessive Authentication Attempts vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. | 7.5 |
| 2023-07-12 | CVE-2023-29308 | Out-of-bounds Write vulnerability in Adobe Indesign 17.2.1/18.0/18.1 Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2023-07-12 | CVE-2021-43757 | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 7.8 |
| 2023-06-15 | CVE-2023-21618 | Access of Uninitialized Pointer vulnerability in Adobe Substance 3D Designer Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2023-06-15 | CVE-2023-22248 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 7.5 |
| 2023-06-15 | CVE-2023-29297 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. | 7.2 |