Vulnerabilities > Adobe > Coldfusion > 2016

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-8072 Information Exposure vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability.
network
low complexity
adobe CWE-200
5.0
5.0
2019-06-12 CVE-2019-7840 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 10.0
10
2019-06-12 CVE-2019-7839 Command Injection vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability.
network
low complexity
adobe CWE-77
critical
 10.0
10
2019-06-12 CVE-2019-7838 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability.
network
low complexity
adobe CWE-434
critical
 10.0
10
2019-05-24 CVE-2019-7092 Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability.
network
adobe CWE-79
4.3
4.3
2019-05-24 CVE-2019-7091 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 10.0
10
2019-05-24 CVE-2019-7816 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability.
network
low complexity
adobe CWE-434
critical
 10.0
10
2018-09-25 CVE-2018-15965 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 10.0
10
2018-09-25 CVE-2018-15964 Information Exposure vulnerability in Adobe Coldfusion 11.0/2016/2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability.
network
low complexity
adobe CWE-200
5.0
5.0
2018-09-25 CVE-2018-15963 Unspecified vulnerability in Adobe Coldfusion 11.0/2016/2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability.
network
low complexity
adobe
5.0
5.0