Filtered by vendor Adobe
Subscriptions
Total
5737 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45115 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 9.8 Critical |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-45116 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-10 | 8.1 High |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction. | ||||
CVE-2024-45117 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 7.6 High |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed. | ||||
CVE-2024-45118 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 6.5 Medium |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-45119 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 5.5 Medium |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed. | ||||
CVE-2024-45120 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction. | ||||
CVE-2024-45121 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-45122 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 4.3 Medium |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
CVE-2024-45123 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-10 | 6.1 Medium |
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
CVE-2024-47420 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 5.5 Medium |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47419 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 5.5 Medium |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47418 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47417 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47416 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47415 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47414 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47413 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47412 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47411 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47410 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |