Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-36037 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. | 4.0 |
| 2021-09-01 | CVE-2021-36038 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. | 4.0 |
| 2021-09-01 | CVE-2021-36039 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. | 4.0 |
| 2021-09-01 | CVE-2021-36040 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. | 6.5 |
| 2021-09-01 | CVE-2021-36042 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the API File Option Upload Extension. | 6.5 |
| 2021-09-01 | CVE-2021-36043 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. | 6.0 |
| 2021-09-01 | CVE-2021-36044 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. | 5.0 |
| 2021-09-01 | CVE-2021-36056 | Heap-based Buffer Overflow vulnerability in multiple products XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. | 5.5 |
| 2021-09-01 | CVE-2021-36058 | Integer Overflow or Wraparound vulnerability in multiple products XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. | 5.5 |
| 2021-09-01 | CVE-2021-36061 | Violation of Secure Design Principles vulnerability in Adobe Connect Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. | 4.3 |