Total
165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. | |||||
| CVE-2019-8256 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | |||||
| CVE-2019-8073 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. | |||||
| CVE-2019-8072 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-7840 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7839 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7838 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7816 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7092 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure . | |||||
| CVE-2019-7091 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-4942 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4941 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4940 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4938 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. | |||||
| CVE-2018-15965 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-15964 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-15963 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. | |||||
| CVE-2018-15962 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-15960 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. | |||||