Total
185 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26361 | 1 Adobe | 1 Coldfusion | 2023-03-28 | N/A | 4.9 MEDIUM |
| Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38419 | 1 Adobe | 1 Coldfusion | 2022-10-28 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-38421 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 7.2 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38420 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-35711 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. | |||||
| CVE-2022-38418 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-35710 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. | |||||
| CVE-2022-35712 | 1 Adobe | 1 Coldfusion | 2022-10-20 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. | |||||
| CVE-2022-35690 | 1 Adobe | 1 Coldfusion | 2022-10-19 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. | |||||
| CVE-2022-38422 | 1 Adobe | 1 Coldfusion | 2022-10-18 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-38423 | 1 Adobe | 1 Coldfusion | 2022-10-18 | N/A | 4.9 MEDIUM |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38424 | 1 Adobe | 1 Coldfusion | 2022-10-18 | N/A | 7.2 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-42341 | 1 Adobe | 1 Coldfusion | 2022-10-18 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-42340 | 1 Adobe | 1 Coldfusion | 2022-10-18 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. | |||||
| CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2022-08-05 | 7.2 HIGH | 7.8 HIGH |
| The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. | |||||
| CVE-2020-3794 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. | |||||
| CVE-2019-8072 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-8256 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-3796 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. | |||||
| CVE-2020-3761 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory. | |||||