2024

2023

2022

2021

2020

CVE-2020-3761 (v3: 7.5) 25 Mar 2020
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.

2019

CVE-2019-16468 (v3: 7.5) 15 Jan 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-16469 (v3: 7.5) 15 Jan 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8072 (v3: 7.5) 27 Sep 2019
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

2018

CVE-2018-19718 (v3: 5.3) 18 Jan 2019
Adobe Connect versions 9.8.1 and earlier have a session token exposure vulnerability. Successful exploitation could lead to exposure of the privileges granted to a session.
CVE-2018-15962 (v3: 5.3) 25 Sep 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-15964 (v3: 7.5) 25 Sep 2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.

2017

CVE-2017-16369 (v3: 6.5) 9 Dec 2017
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.
CVE-2017-11273 (v3: 5.5) 9 Dec 2017
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.
CVE-2017-3111 (v3: 7.5) 9 Dec 2017
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
CVE-2017-3107 (v3: 7.5) 11 Aug 2017
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.
CVE-2017-3110 (v3: 7.5) 11 Aug 2017
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.
CVE-2017-3087 (v3: 7.5) 20 Jun 2017
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
CVE-2017-3067 (v3: 7.5) 9 May 2017
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.

2016

CVE-2016-7887 (v3: 7.5) 15 Dec 2016
Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure.
CVE-2016-7888 (v3: 5.3) 15 Dec 2016
Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak.
CVE-2016-7889 (v3: 7.5) 15 Dec 2016
Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure.
CVE-2016-4253 (v3: 5.3) 9 Aug 2016
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4169 (v3: 5.3) 9 Aug 2016
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
CVE-2016-1035 (v3: 7.5) 13 Apr 2016
Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors.

2015

CVE-2015-5088 (v2: 5) 15 Jul 2015
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5089, and CVE-2015-5092.
CVE-2015-5089 (v2: 5) 15 Jul 2015
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, and CVE-2015-5092.
CVE-2015-4449 (v2: 5) 15 Jul 2015
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092.