Vulnerabilities > Adobe > Coldfusion

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-8073 Command Injection vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability.
network
low complexity
adobe CWE-77
critical
 9.8
9.8
2019-09-27 CVE-2019-8072 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability.
network
low complexity
adobe
7.5
7.5
2019-06-12 CVE-2019-7840 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2019-06-12 CVE-2019-7839 Command Injection vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability.
network
low complexity
adobe CWE-77
critical
 9.8
9.8
2019-06-12 CVE-2019-7838 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability.
network
low complexity
adobe CWE-434
critical
 9.8
9.8
2019-05-24 CVE-2019-7092 Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability.
network
low complexity
adobe CWE-79
6.1
6.1
2019-05-24 CVE-2019-7091 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2019-05-24 CVE-2019-7816 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability.
network
low complexity
adobe CWE-434
critical
 9.8
9.8
2018-09-25 CVE-2018-15965 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
 9.8
9.8
2018-09-25 CVE-2018-15964 Information Exposure vulnerability in Adobe Coldfusion 11.0/2016/2018
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability.
network
low complexity
adobe CWE-200
7.5
7.5