Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-16 | CVE-2023-44361 | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2023-10-13 | CVE-2023-26366 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. | 6.8 |
| 2023-10-13 | CVE-2023-26367 | Improper Input Validation vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. | 4.9 |
| 2023-10-13 | CVE-2023-38221 | SQL Injection vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. | 6.6 |
| 2023-10-13 | CVE-2023-38249 | SQL Injection vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. | 6.6 |
| 2023-10-13 | CVE-2023-38250 | SQL Injection vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. | 6.6 |
| 2023-10-13 | CVE-2023-38251 | Resource Exhaustion vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. | 5.3 |
| 2023-10-11 | CVE-2023-38216 | Use After Free vulnerability in Adobe Bridge Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2023-10-11 | CVE-2023-38217 | Out-of-bounds Read vulnerability in Adobe Bridge Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2023-09-14 | CVE-2023-38206 | Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |