Vulnerabilities > Adobe > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-36039 Incorrect Authorization vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter.
network
low complexity
adobe CWE-863
6.5
2021-09-01 CVE-2021-36043 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension.
network
high complexity
adobe CWE-918
6.6
2021-09-01 CVE-2021-36056 Heap-based Buffer Overflow vulnerability in multiple products
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user.
local
low complexity
adobe debian CWE-122
5.5
2021-09-01 CVE-2021-36058 Integer Overflow or Wraparound vulnerability in multiple products
XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user.
local
low complexity
adobe debian CWE-190
5.5
2021-09-01 CVE-2021-36061 Violation of Secure Design Principles vulnerability in Adobe Connect
Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter.
network
low complexity
adobe CWE-657
5.4
2021-09-01 CVE-2021-36062 Cross-site Scripting vulnerability in Adobe Connect
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
6.1
2021-09-01 CVE-2021-36063 Cross-site Scripting vulnerability in Adobe Connect
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
6.1
2021-09-01 CVE-2021-36077 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Bridge
Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user.
local
low complexity
adobe CWE-119
5.5
2021-08-24 CVE-2021-28618 Out-of-bounds Read vulnerability in Adobe Animate
Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.
local
low complexity
adobe CWE-125
5.5
2021-08-24 CVE-2021-28619 Out-of-bounds Read vulnerability in Adobe Animate
Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file.
local
low complexity
adobe CWE-125
5.5