Filtered by vendor Adobe
Subscriptions
Filtered by product Coldfusion
Subscriptions
Total
149 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-4940 | 1 Adobe | 1 Coldfusion | 2024-08-05 | 6.1 Medium |
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | ||||
CVE-2019-8256 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 9.8 Critical |
ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. | ||||
CVE-2019-8074 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 9.8 Critical |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user. | ||||
CVE-2019-8073 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 9.8 Critical |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. | ||||
CVE-2019-8072 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.5 High |
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | ||||
CVE-2019-7840 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2019-7839 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2019-7838 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2019-7816 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2019-7092 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure . | ||||
CVE-2019-7091 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.8 High |
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. | ||||
CVE-2020-9672 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.8 High |
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
CVE-2020-9673 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.8 High |
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
CVE-2020-3796 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 6.5 Medium |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. | ||||
CVE-2020-3794 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 9.8 Critical |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. | ||||
CVE-2020-3768 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.8 High |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | ||||
CVE-2020-3767 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 6.5 Medium |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). | ||||
CVE-2020-3761 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.5 High |
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory. | ||||
CVE-2023-44352 | 1 Adobe | 1 Coldfusion | 2024-08-02 | 6.1 Medium |
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |