Data: CASIE
Trigger word:
listed
Negative Trigger
six
critical
updates
in
the
company
's
latest
round
of
security
fixes
.
On
Tuesday
,
Adobe
said
in
a
security
advisory
that
the
update
impacts
Vulnerability-related.DiscoverVulnerability
ColdFusion
version
11
,
as
well
as
the
2016
and
2018
releases
of
the
web
application
development
platform
.
In
total
,
six
of
the
security
flaws
are deemed
Vulnerability-related.DiscoverVulnerability
critical
.
The
first
set
of
vulnerabilities
--
CVE-2018-15965
,
CVE-2018-15957
,
CVE-2018-15958
,
and
CVE-2018-15959
--
relate
to
the
deserialization
of
untrusted
data
.
In
addition
,
CVE-2018-15961
is
a
security
flaw
which
permits
unrestricted
file
uploads
in
the
software
,
and
the
final
critical
bug
,
CVE-2018-15960
,
is
described as
Vulnerability-related.DiscoverVulnerability
``
use
of
a
component
with
a
known
vulnerability
''
which
can
cause
arbitrary
file
overwrite
.
If
exploited
Vulnerability-related.DiscoverVulnerability
,
all
of
the
above
security
flaws
can
lead
to
arbitrary
code
execution
.
Three
other
bugs
in
ColdFusion
have also been resolved
Vulnerability-related.PatchVulnerability
.
CVE-2018-15962
is
a
flaw
within
directory
listings
that
can
lead
to
information
disclosure
;
CVE-2018-15963
is
a
security
bypass
bug
which
could
permit
attackers
to
create
arbitrary
folders
,
and
CVE-2018-15964
is
another
security
flaw
caused
by
the
use
of
a
component
with
a
known
vulnerability
which
may
cause
data
leaks
.
Adobe
also
released
Vulnerability-related.PatchVulnerability
a
fix
for
Adobe
Flash
Player
on
desktop
Windows
,
macOS
,
and
Linux
machines
,
as
well
as
Flash
for
Google
Chrome
on
Windows
,
macOS
,
Linux
,
and
Chrome
OS
,
versions
30.0.0.154
and
earlier
.
This
security
flaw
,
CVE-2018-15967
is listed
Vulnerability-related.DiscoverVulnerability
as
an
``
important
''
privilege
escalation
bug
which
could
lead
to
information
disclosure
.
Originally
,
Microsoft
listed
Vulnerability-related.DiscoverVulnerability
the
same
vulnerability
as
critical
and
one
which
enabled
attackers
to
perform
remote
code
execution
attacks
.
However
,
Microsoft
has
now
amended
its
advisory
to
reflect
Adobe
's
severity
rating
.
Adobe
is
not
aware
of
any
reports suggesting
Vulnerability-related.DiscoverVulnerability
the
vulnerabilities
have
been exploited
Vulnerability-related.DiscoverVulnerability
in
the
wild
but
recommends
Vulnerability-related.PatchVulnerability
that
users
accept
the
automatic
updates
as
soon
as
possible
.
The
tech
giant
thanked
researchers
including
Matthias
Kaiser
of
Code
White
GmbH
,
Gsrc
from
Venustech-Adlab
,
and
Nick
Bloor
of
Cognitous
for
reporting
Vulnerability-related.DiscoverVulnerability
the
vulnerabilities
.
This
month
's
security
fixes
build
Vulnerability-related.PatchVulnerability
upon
Adobe
's
August
patch
update
,
in
which
11
security
flaws
were resolved
Vulnerability-related.PatchVulnerability
,
including
critical
vulnerabilities
in
Adobe
Acrobat
2017
,
Acrobat
DC
,
and
Acrobat
Reader
DC
on
Windows
and
macOS
machines
.
In
the
same
month
,
the
tech
giant
also
released
Vulnerability-related.PatchVulnerability
an
out-of-schedule
patch
for
Adobe
Photoshop
CC
.
The
security
update
tackled
Vulnerability-related.PatchVulnerability
memory
corruption
bugs
in
the
creative
software
which
,
if
exploited
Vulnerability-related.DiscoverVulnerability
,
could
lead
to
code
execution
.