Adobe issued an out of band updated today for Experience Manager, Experience Manager Forms, Adobe Acrobat and Reader and Download Manager covering 81 CVEs with many rated as critical.
The company stated that none of the reported issues have been spotted in the wild and noted updates are available for all the products.
Acrobat and Reader received the most patches with 67 vulnerabilities being addressed, the majority of them considered critical. The majority of the critical issues centered on out-of-bounds write, use after free and a heap overflow problems that could lead to arbitrary code execution.
Adobe Experience Manager had 12 CVEs rated important or moderate covering cross-site scripting, XML external entity injection issues among others.
Experience Manager Forms had only a single issue, CVE-2019-8089, that covered a reflected cross-site scripting issue that if exploited could lead to sensitive information disclosure.
The final product included was Download Manager with CVE-2019-8071.