Adobe has resolved Vulnerability-related.PatchVulnerability six critical updates in the company 's latest round of security fixes . On Tuesday , Adobe said in a security advisory that the update impacts Vulnerability-related.DiscoverVulnerability ColdFusion version 11 , as well as the 2016 and 2018 releases of the web application development platform . In total , six of the security flaws are deemed Vulnerability-related.DiscoverVulnerability critical . The first set of vulnerabilities -- CVE-2018-15965 , CVE-2018-15957 , CVE-2018-15958 , and CVE-2018-15959 -- relate to the deserialization of untrusted data . In addition , CVE-2018-15961 is a security flaw which permits unrestricted file uploads in the software , and the final critical bug , CVE-2018-15960 , is described as Vulnerability-related.DiscoverVulnerability `` use of a component with a known vulnerability '' which can cause arbitrary file overwrite . If exploited Vulnerability-related.DiscoverVulnerability , all of the above security flaws can lead to arbitrary code execution . Three other bugs in ColdFusion have also been resolved Vulnerability-related.PatchVulnerability . CVE-2018-15962 is a flaw within directory listings that can lead to information disclosure ; CVE-2018-15963 is a security bypass bug which could permit attackers to create arbitrary folders , and CVE-2018-15964 is another security flaw caused by the use of a component with a known vulnerability which may cause data leaks . Adobe also released Vulnerability-related.PatchVulnerability a fix for Adobe Flash Player on desktop Windows , macOS , and Linux machines , as well as Flash for Google Chrome on Windows , macOS , Linux , and Chrome OS , versions 30.0.0.154 and earlier . This security flaw , CVE-2018-15967 is listed Vulnerability-related.DiscoverVulnerability as an `` important '' privilege escalation bug which could lead to information disclosure . Originally , Microsoft listed Vulnerability-related.DiscoverVulnerability the same vulnerability as critical and one which enabled attackers to perform remote code execution attacks . However , Microsoft has now amended its advisory to reflect Adobe 's severity rating . Adobe is not aware of any reports suggesting Vulnerability-related.DiscoverVulnerability the vulnerabilities have been exploited Vulnerability-related.DiscoverVulnerability in the wild but recommends Vulnerability-related.PatchVulnerability that users accept the automatic updates as soon as possible . The tech giant thanked researchers including Matthias Kaiser of Code White GmbH , Gsrc from Venustech-Adlab , and Nick Bloor of Cognitous for reporting Vulnerability-related.DiscoverVulnerability the vulnerabilities . This month 's security fixes build Vulnerability-related.PatchVulnerability upon Adobe 's August patch update , in which 11 security flaws were resolved Vulnerability-related.PatchVulnerability , including critical vulnerabilities in Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . In the same month , the tech giant also released Vulnerability-related.PatchVulnerability an out-of-schedule patch for Adobe Photoshop CC . The security update tackled Vulnerability-related.PatchVulnerability memory corruption bugs in the creative software which , if exploited Vulnerability-related.DiscoverVulnerability , could lead to code execution .

Adobe has resolved Vulnerability-related.PatchVulnerability 11 security flaws in this month 's patch update on the heels of a far larger security round last month in which over a hundred bugs were squashed Vulnerability-related.PatchVulnerability . The patch release impacts Vulnerability-related.PatchVulnerability Adobe Flash , Acrobat and Reader , Experience Manager , and Creative Cloud . Two of the vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability in the release are described Vulnerability-related.DiscoverVulnerability as critical and affect Vulnerability-related.DiscoverVulnerability Acrobat and Reader . In July , Adobe issued Vulnerability-related.PatchVulnerability a security update which patched Vulnerability-related.PatchVulnerability a total of 112 vulnerabilities . The majority of bugs were uncovered Vulnerability-related.DiscoverVulnerability in Adobe Acrobat , but a critical code execution flaw was also resolved Vulnerability-related.PatchVulnerability in Adobe Flash . The critical bugs in this release impact Vulnerability-related.DiscoverVulnerability Adobe Acrobat 2017 , Acrobat DC , and Acrobat Reader DC on Windows and macOS machines . The tech giant says Vulnerability-related.DiscoverVulnerability that exploitation of the security flaws , an out of bounds write issue ( CVE-2018-12808 ) and an untrusted pointer dereference problem ( CVE-2018-12799 ) can lead to arbitrary code execution . The vulnerabilities resolved Vulnerability-related.PatchVulnerability include five bugs in Adobe Flash . An out of bounds read flaw ( CVE-2018-12824 ) , a security bypass error ( CVE-2018-12825 ) , two information disclosure vulnerabilities ( CVE-2018-12826 , CVE-2018-12827 ) , and a privilege escalation flaw ( CVE-2018-12828 ) have all been patched Vulnerability-related.PatchVulnerability . A reflected cross-site scripting flaw ( CVE-2018-12806 ) , input validation bypass ( CVE-2018-12807 ) , and cross-site scripting ( XSS ) bug ( CVE-2018-5005 ) have been patched Vulnerability-related.PatchVulnerability in Adobe Experience Manager versions 6.0 -- 6.4 on all platforms . If exploited Vulnerability-related.DiscoverVulnerability , the security flaws can facilitate sensitive information disclosure and data modification . In addition , a single bug in Adobe Creative Cloud Desktop affecting Vulnerability-related.DiscoverVulnerability versions 4.5.0.324 and earlier versions on Windows systems has been resolved Vulnerability-related.PatchVulnerability . The DLL hijacking vulnerability ( CVE-2018-5003 ) can be exploited Vulnerability-related.DiscoverVulnerability in order for an attacker to escalate privileges on an account . Adobe recommends that users update their software as quickly as possible . Researchers from Trend Micro 's Zero Day Initiative , Palo Alto Networks , Google Project Zero , TenCent , and Cognizant Technology Solutions , among others , were thanked for reporting Vulnerability-related.DiscoverVulnerability the bugs . On Tuesday , Microsoft 's latest round of patches tackled Vulnerability-related.PatchVulnerability a total of 60 vulnerabilities , 19 of which were deemed critical . Two severe security flaws resolved Vulnerability-related.PatchVulnerability in the update are zero-day vulnerabilities which are being actively exploited Vulnerability-related.DiscoverVulnerability in the wild .

Cisco has resolved Vulnerability-related.PatchVulnerability a set of critical vulnerabilities in Policy Suite which permit attackers to cause havoc in the software 's databases . This week , the tech giant released Vulnerability-related.PatchVulnerability a security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks , account compromise , database tampering , and more . The first vulnerability , CVE-2018-0374 , has earned a CVSS base score of 9.8 . Described as Vulnerability-related.DiscoverVulnerability an unauthenticated bypass bug , the security flaw `` could allow an unauthenticated , remote attacker to connect directly to the Policy Builder database , '' according to Cisco . The bug has been caused by a simple lack of authentication and as there is no requirement for identity verification , Policy Builder databases can be accessed and tampering with without limitation . Cisco Policy Suite releases prior to 18.2.0 are affected Vulnerability-related.DiscoverVulnerability . The second vulnerability , CVE-2018-0375 , is a default password error . The CVSS 9.8 bug is present in Vulnerability-related.DiscoverVulnerability the Cluster Manager of Cisco Policy Suite and could allow an unauthenticated , remote attacker to log in to a vulnerable system using a root account . The serious security problem has emerged Vulnerability-related.DiscoverVulnerability due to the use of undocumented , static user credentials for root accounts . If a hacker has knowledge of these credentials , they can become a root user and are able to execute arbitrary commands . Versions of the software prior to 18.2.0 are vulnerable Vulnerability-related.DiscoverVulnerability to exploit . The third bug , CVE-2018-0376 , is another unauthenticated access problem and is also caused by a lack of authentication measures . `` A successful exploit could allow the attacker to make changes to existing repositories and create new repositories , '' Cisco says Vulnerability-related.DiscoverVulnerability . Cisco Policy Suite versions prior to 18.2.0 are affected Vulnerability-related.DiscoverVulnerability . The fourth security flaw , CVE-2018-0377 , affects Vulnerability-related.DiscoverVulnerability the Open Systems Gateway initiative ( OSGi ) interface of Cisco Policy Suite . There is a lack of authentication within the OSGi interface which permits attackers to circumvent security processes and directly connect to the interface , access any files contained within they wish , and modify any content which is accessible through the process . This vulnerability impacts Vulnerability-related.DiscoverVulnerability Policy Suite versions prior to 18.1.0 . There are no workarounds to circumvent these vulnerabilities . However , patches have been issued to address Vulnerability-related.PatchVulnerability them and Cisco says that no reports have been received which indicate the bugs are being exploited Vulnerability-related.DiscoverVulnerability in the wild . In addition , Cisco has revealed Vulnerability-related.DiscoverVulnerability seven now-patched bugs affecting Vulnerability-related.DiscoverVulnerability SD-WAN solutions . The vulnerabilities included command injection security flaws , a remote code execution bug , and arbitrary file overwrite issues .