Adobe Vulnerabilities

4,483 results
Vexday Analysis

With 4,472 CVEs catalogued and 237 that emerged in the last 90 days, the attack surface of the Adobe portfolio shows significant volume and a steady pace of discoveries. The active exploitation rate (18 entries in the CISA KEV) is in line with the overall catalogue average, but the EPSS of 0.9999 associated with CVE-2024-34102 indicates maximum probability of exploitation for that specific vulnerability, requiring immediate attention from response teams. The most common flaw type is CWE-79 (Cross-Site Scripting), which suggests persistent weaknesses in input sanitization in components geared toward content rendering. The existence of 30 CVEs with a public proof of concept, combined with 105 of critical severity, reinforces the need for rigorous prioritization in the patching cycle for Adobe products in exposed environments.

CVE-2023-44323 [MEDIUM] PDF Jbig2 memory-corruption Vulnerability - MSFT T5 (EPSS 1.4%)
CVE-2023-22272 [HIGH] ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability (EPSS 1.4%)
CVE-2024-34110 [HIGH] RCE in the Adobe Commerce Webhook module through a legit webhook definition (EPSS 1.4%)
CVE-2021-28601 [LOW] Adobe After Effects NULL Pointer Dereference vulnerability (EPSS 1.4%)
CVE-2021-43748 [MEDIUM] Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service (EPSS 1.4%)
CVE-2021-43749 [MEDIUM] Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service (EPSS 1.4%)
CVE-2021-42733 [MEDIUM] Adobe Bridge NULL Pointer Dereference could lead to Application denial-of-service (EPSS 1.4%)
CVE-2021-43750 [MEDIUM] Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service (EPSS 1.4%)
CVE-2023-44324 [CRITICAL] ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability (EPSS 1.4%)
CVE-2021-40727 [HIGH] Adobe InDesign crashes when parsing the TIF file (EPSS 1.4%)
CVE-2022-42343 [MEDIUM] Adobe Campaign Classic Server-Side Request Forgery Arbitrary file system read (EPSS 1.4%)
CVE-2020-3808 Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Succe (EPSS 1.4%)
CVE-2021-36063 [MEDIUM] Adobe Connect Reflected Cross-site Scripting via 'isTabletDeviceHTML' parameter (EPSS 1.4%)
CVE-2021-36062 [MEDIUM] Adobe Connect Reflected Cross-site Scripting via 'campaign-id' parameter (EPSS 1.4%)
CVE-2023-22275 [HIGH] ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability (EPSS 1.3%)
CVE-2021-28627 [MEDIUM] Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass (EPSS 1.3%)
CVE-2021-28626 [LOW] Adobe Experience Manager Improper Authorization at /content/usergenerated (EPSS 1.3%)
CVE-2022-30670 [HIGH] Escalate Privileges to Server Admin - Robohelp Server (EPSS 1.3%)
CVE-2021-40756 [MEDIUM] Adobe After Effects NULL Pointer Dereference Application Denial of Service (EPSS 1.3%)
CVE-2021-40761 [MEDIUM] Adobe After Effects NULL Pointer Dereference Application Denial of Service (EPSS 1.3%)