Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-09 | CVE-2016-4169 | Information Exposure vulnerability in Adobe Experience Manager 6.0.0/6.1.0/6.2.0 Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors. | 5.3 |
| 2016-08-09 | CVE-2016-4168 | Cross-site Scripting vulnerability in Adobe Experience Manager 5.6.1/6.0.0/6.1.0 Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-07-13 | CVE-2016-4247 | Race Condition vulnerability in Adobe Flash Player and Flash Player Desktop Runtime Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors. | 5.3 |
| 2016-07-13 | CVE-2016-4178 | Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 4.3 |
| 2016-06-16 | CVE-2016-4164 | Cross-site Scripting vulnerability in Adobe Brackets 1.6 Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-06-16 | CVE-2016-4159 | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-05-11 | CVE-2016-1115 | Improper Input Validation vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | 5.9 |
| 2016-05-11 | CVE-2016-1113 | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-04-22 | CVE-2016-1036 | Cross-site Scripting vulnerability in Adobe Analytics Appmeasurement for Flash Library 4.0 Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-02-10 | CVE-2016-0955 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0 Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | 6.1 |