Vulnerabilities > Adobe > Coldfusion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-23 | CVE-2023-26361 | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. | 4.9 |
| 2022-10-14 | CVE-2022-35690 | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2022-10-14 | CVE-2022-35710 | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2022-10-14 | CVE-2022-35711 | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2022-10-14 | CVE-2022-35712 | Out-of-bounds Write vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2022-10-14 | CVE-2022-38418 | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. | 9.8 |
| 2022-10-14 | CVE-2022-38419 | XXE vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. | 7.5 |
| 2022-10-14 | CVE-2022-38420 | Use of Hard-coded Credentials vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. | 7.5 |
| 2022-10-14 | CVE-2022-38421 | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. | 7.2 |
| 2022-10-14 | CVE-2022-38422 | Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. | 7.5 |