Vulnerabilities > Adobe > Coldfusion > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-41874 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2021/2023
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-502
critical
9.8
2022-10-14 CVE-2022-35690 Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
network
low complexity
adobe CWE-787
critical
9.8
2020-03-25 CVE-2020-3794 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability.
network
low complexity
adobe CWE-829
critical
9.8
2019-12-19 CVE-2019-8256 Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Coldfusion 2018
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability.
network
low complexity
adobe CWE-732
critical
9.8
2019-09-27 CVE-2019-8073 Command Injection vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability.
network
low complexity
adobe CWE-77
critical
9.8
2019-09-27 CVE-2019-8074 Path Traversal vulnerability in Adobe Coldfusion 2016/2018
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability.
network
low complexity
adobe CWE-22
critical
9.8
2019-06-12 CVE-2019-7838 Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability.
network
low complexity
adobe CWE-434
critical
9.8
2019-06-12 CVE-2019-7839 Command Injection vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability.
network
low complexity
adobe CWE-77
critical
9.8
2019-06-12 CVE-2019-7840 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
9.8
2019-05-24 CVE-2019-7091 Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability.
network
low complexity
adobe CWE-502
critical
9.8