CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2022-38418 – Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-38418
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) se ven afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directori... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 20EXPL: 0CVE-2022-38424 – Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write
https://notcve.org/view.php?id=CVE-2022-38424
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-38419 – Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read
https://notcve.org/view.php?id=CVE-2022-38419
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) se ven afectadas por una vulnerabilidad de Restricción Inapropiada de tipo XML External Entity Reference ("XXE") que podría resultar en una lectura arb... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2022-35690 – Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35690
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 20EXPL: 0CVE-2022-35710 – Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35710
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 20EXPL: 0CVE-2022-35711 – Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35711
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en ... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 20EXPL: 0CVE-2022-35712 – Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35712
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en ... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2022-28818 – ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-28818
12 May 2022 — ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. ColdFusion versiones CF2021U3 (y anteriores) y CF2018U13 están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado. Si un atacante es capaz de convencer a una víctima a visitar una... • https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10145
https://notcve.org/view.php?id=CVE-2020-10145
27 May 2021 — The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. El instalador de Adobe ColdFusion presenta un fallo al ajustar una lista de control de acceso (ACL) segura en el directorio de instalación predeterminado, como C:\ColdFusion2021\. Por defecto, usuarios no privilegiados pueden crear ... • https://www.kb.cert.org/vuls/id/125331 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0CVE-2021-21087 – ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
https://notcve.org/view.php?id=CVE-2021-21087
15 Apr 2021 — Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. Las versiones de Adobe Coldfusion 2016 (actualización 16 y anteriores), 2018 (actualización 10 y anteriores) y 2021.0.0.32... • https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •