) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:adobe:coldfusion:2018:-
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-7839 |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. Published: June 12, 2019; 12:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2019-7838 |
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution. Published: June 12, 2019; 12:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2019-7092 |
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure . Published: May 24, 2019; 3:29:02 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-7091 |
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. Published: May 24, 2019; 3:29:02 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2019-7816 |
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution. Published: May 24, 2019; 2:29:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-15965 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. Published: September 25, 2018; 9:29:02 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-15964 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2018-15963 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2018-15962 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2018-15961 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-15960 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 7.5 HIGH V2.0: 6.4 MEDIUM |
| CVE-2018-15959 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-15958 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
| CVE-2018-15957 |
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. Published: September 25, 2018; 9:29:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |