It’s Patch Tuesday week!
Adobe has just released its June 2019 software updates to address a total of 11 security vulnerabilities in three of its widely used products: Adobe ColdFusion, Flash Player, and Adobe Campaign.
Of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform. All three are critical in severity and could lead to arbitrary code execution attacks.
Below is brief information about each of the newly patched ColdFusion flaws:
- CVE-2019-7838 — This vulnerability has been categorised as “File extension blacklist bypass” and can be exploited if the file uploads directory is web accessible.
- CVE-2019-7839 — There’s a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11.
- CVE-2019-7840 — This flaw originates from the deserialisation of untrusted data and also leads to arbitrary code execution on the system.
Besides ColdFusion, Adobe has patched just one vulnerability (CVE-2019-7845) in the infamous Flash Player software this month, which is also critical in severity and leads to arbitrary code execution on the affected Windows, macOS, Linux or Chrome OS-based system.
This flaw was reported to Adobe by an anonymous cybersecurity researcher and can now be patched by installing the latest Flash Player version 220.127.116.11.