NotCVE - vendor:"Adobe" product:"Coldfusion" version:" <= 11.0"

Page 4 of 138 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-4938

https://notcve.org/view.php?id=CVE-2018-4938

19 May 2018 — Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. Successful exploitation could lead to local privilege escalation. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de carga de biblioteca no segura. Su explotación con éxito podría conducir al escalado de privilegios locales. • http://www.securityfocus.com/bid/103718 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-4942

https://notcve.org/view.php?id=CVE-2018-4942

19 May 2018 — Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Unsafe XML External Entity Processing vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de procesamiento inseguro de entidades externas XML. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 0

CVE-2018-4941

https://notcve.org/view.php?id=CVE-2018-4941

19 May 2018 — Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de Cross-Site Scripting (XSS). Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/103718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 96%CPEs: 20EXPL: 0

CVE-2018-4939 – Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

https://notcve.org/view.php?id=CVE-2018-4939

19 May 2018 — Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe ColdFusion Update 5 y anteriores y ColdFusion 11 Update 13 y anteriores tienen una vulnerabilidad explotable de deserialización de datos no fiables. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. Adobe ColdFusion contains a dese... • http://www.securityfocus.com/bid/103718 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 34%CPEs: 18EXPL: 0

CVE-2017-11283

https://notcve.org/view.php?id=CVE-2017-11283

01 Dec 2017 — Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. Adobe ColdFusion tiene una vulnerabilidad de deserialización de datos no fiables. Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11. • http://www.securityfocus.com/bid/100708 • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-11285

https://notcve.org/view.php?id=CVE-2017-11285

01 Dec 2017 — Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. Adobe ColdFusion tiene una vulnerabilidad de Cross-Site Scripting (XSS). Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11. • http://www.securityfocus.com/bid/100711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 34%CPEs: 18EXPL: 0

CVE-2017-11284

https://notcve.org/view.php?id=CVE-2017-11284

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-11286

https://notcve.org/view.php?id=CVE-2017-11286

01 Dec 2017 — Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. Adobe ColdFusion tiene una vulnerabilidad de inyección de XEE (XML External Entity). Esto afecta al Update 4 y a versiones anteriores para ColdFusion 2016 y al Update 12 y versiones anteriores para ColdFusion 11. • http://www.securityfocus.com/bid/100715 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0

CVE-2017-3008

https://notcve.org/view.php?id=CVE-2017-3008

27 Apr 2017 — Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. Adobe ColdFusion 2016 Update 3 y anteriores, ColdFusion 11 update 11 y anteriores, ColdFusion 10 Update 22 y versiones anteriores tienen una vulnerabilidad de cross-site scripting. • http://www.securityfocus.com/bid/98002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 90%CPEs: 39EXPL: 4

CVE-2017-3066 – Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution

https://notcve.org/view.php?id=CVE-2017-3066

27 Apr 2017 — Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successful exploitation could lead to arbitrary code execution. Adobe ColdFusion 2016 Update 3 y anteriores, ColdFusion 11 update 11 y anteriores, ColdFusion 10 Update 22 y anteriores tienen una vulnerabilidad de deserialización de Java en la librería Apache BlazeDS. Una explotación exitosa podría conducir a la ejecución... • https://packetstorm.news/files/id/146285 • CWE-502: Deserialization of Untrusted Data •

1 2 3 4 5