Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Adobe Elements
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-20720 |
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Published: February 15, 2024; 9:15:46 AM -0500 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-22275 |
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. Published: November 17, 2023; 8:15:08 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-22268 |
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction. Published: November 17, 2023; 8:15:07 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-38250 |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. Published: October 13, 2023; 3:15:41 AM -0400 |
V3.1: 6.6 MEDIUM V2.0:(not available) |
CVE-2023-38249 |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. Published: October 13, 2023; 3:15:41 AM -0400 |
V3.1: 6.6 MEDIUM V2.0:(not available) |
CVE-2023-38221 |
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. Published: October 13, 2023; 3:15:40 AM -0400 |
V3.1: 6.6 MEDIUM V2.0:(not available) |
CVE-2023-38208 |
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. Published: August 09, 2023; 4:15:09 AM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-29297 |
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. Published: June 15, 2023; 3:15:11 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2022-34235 |
Adobe Premiere Elements version 2020v20 (and earlier) is affected by an Uncontrolled Search Path Element which could lead to Privilege Escalation. An attacker could leverage this vulnerability to obtain admin using an existing low-privileged user. Exploitation of this issue does not require user interaction. Published: August 11, 2022; 11:15:12 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2021-42527 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-42526 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-40789 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40788 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40787 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-40786 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2021-40785 |
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 16, 2022; 11:15:14 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-40703 |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: September 27, 2021; 12:15:10 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2021-40702 |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: September 27, 2021; 12:15:10 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2021-40701 |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: September 27, 2021; 12:15:10 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2021-40700 |
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. Published: September 27, 2021; 12:15:10 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |