CVE-2022-30678
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM.
Source: CVE-2022-30678
CVE-2022-28855
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2022-28855
CVE-2022-28856
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2022-28856
CVE-2022-28857
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2022-28857
CVE-2022-30680
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. Exploitation of this issue requires low-privilege access to AEM.
Source: CVE-2022-30680
CVE-2021-40017
The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Source: CVE-2021-40017
CVE-2021-40019
Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.
Source: CVE-2021-40019
CVE-2020-36601
Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.
Source: CVE-2020-36601
CVE-2020-36600
Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.
Source: CVE-2020-36600
CVE-2022-28852
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Source: CVE-2022-28852