CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21078 – Adobe Creative Cloud Unquoted Service Path in CCXProcess
https://notcve.org/view.php?id=CVE-2021-21078
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction Adobe Creative Cloud Desktop Application versiones 5.3 (y anteriores), está afectada por una vulnerabilidad de Ruta de Servicio Sin Comillas en CCXProcess que podría permitir a un atacante lograr una ejecución de código arbitraria en el proceso del usuario actual. Una explotación de este problema requiere una interacción del usuario • https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html • CWE-426: Untrusted Search Path •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21068 – Adobe Creative Cloud installer arbitrary file overwrite vulnerability
https://notcve.org/view.php?id=CVE-2021-21068
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. Adobe Creative Cloud Desktop Application versiones 5.3 (y anteriores), está afectada por una vulnerabilidad de manejo de archivos que podría permitir a un atacante causar una sobrescritura de archivos arbitraria. Una explotación de este problema requiere acceso físico e interacción del usuario • https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21069 – Adobe Creative Cloud Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21069
Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. Adobe Creative Cloud Desktop Application versiones 5.3 (y anteriores), está afectada por una vulnerabilidad de escalada de privilegios local que podría permitir a un atacante llamar funciones contra el instalador para llevar a cabo acciones con altos privilegios. Una explotación de este problema no requiere una interacción del usuario This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Adobe privileged helper tool. • https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html https://www.zerodayinitiative.com/advisories/ZDI-21-281 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24422 – Uncontrolled Search Path in Creative Cloud Desktop Application
https://notcve.org/view.php?id=CVE-2020-24422
Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Creative Cloud Desktop Application versión 5.2 (y anteriores) y versión 2.1 (y anteriores) para Windows, está afectada por una vulnerabilidad de ruta de búsqueda no controlada que podría resultar en una ejecución de código arbitraria en el contexto del usuario actual. Una explotación de este problema requiere la interacción del usuario, ya que la víctima debe abrir un archivo malicioso • https://helpx.adobe.com/security/products/creative-cloud/apsb20-68.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9682
https://notcve.org/view.php?id=CVE-2020-9682
Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. Adobe Creative Cloud Desktop Application versiones 5.1 y anteriores, presentan una vulnerabilidad de enlace simbólico. Una explotación con éxito podría conllevar a una escritura arbitraria del sistema de archivos • https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •