CVSS: 7.8EPSS: 4%CPEs: 20EXPL: 0CVE-2022-42340 – Adobe ColdFusion Improper Input Validation Arbitrary file system read
https://notcve.org/view.php?id=CVE-2022-42340
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Comprobación de Entrada Inapropiada que podría resultar en una lectura arbitraria del sistema de archivos. No es requerida una interacción del us... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 32%CPEs: 20EXPL: 0CVE-2022-38418 – Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-38418
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) se ven afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directori... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 5%CPEs: 20EXPL: 0CVE-2022-38419 – Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read
https://notcve.org/view.php?id=CVE-2022-38419
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) se ven afectadas por una vulnerabilidad de Restricción Inapropiada de tipo XML External Entity Reference ("XXE") que podría resultar en una lectura arb... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 9%CPEs: 20EXPL: 0CVE-2022-38420 – Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service
https://notcve.org/view.php?id=CVE-2022-38420
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Uso de Credenciales Embebidas que podría resultar en una denegación de servicio de la ap... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.3EPSS: 25%CPEs: 20EXPL: 0CVE-2022-38421 – Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-38421
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Limitación Inapr... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 17%CPEs: 20EXPL: 0CVE-2022-38422 – Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38422
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) se ven afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") que p... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 5%CPEs: 20EXPL: 0CVE-2022-38423 – Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-38423
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Dire... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 17%CPEs: 20EXPL: 0CVE-2022-38424 – Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write
https://notcve.org/view.php?id=CVE-2022-38424
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 16%CPEs: 20EXPL: 0CVE-2022-35690 – Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35690
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 24%CPEs: 20EXPL: 0CVE-2022-35710 – Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35710
14 Oct 2022 — Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. Adobe ColdFusion versiones Update 14 (y anteriores) y Update 4 (y anteriores) están afectadas por una vulnerabilidad de desbordamiento del búfer en... • https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •