CVE-2022-35690
- EPSS 72.21%
- Veröffentlicht 14.10.2022 20:15:11
- Zuletzt bearbeitet 21.11.2024 07:11:29
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does...
CVE-2022-28818
- EPSS 43.09%
- Veröffentlicht 12.05.2022 19:15:49
- Zuletzt bearbeitet 21.11.2024 06:57:59
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may ...
CVE-2020-10145
- EPSS 0.5%
- Veröffentlicht 27.05.2021 21:15:19
- Zuletzt bearbeitet 21.11.2024 04:54:54
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-e...
CVE-2021-21087
- EPSS 37.1%
- Veröffentlicht 15.04.2021 14:15:16
- Zuletzt bearbeitet 21.11.2024 05:47:32
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse th...
CVE-2020-9672
- EPSS 1.05%
- Veröffentlicht 17.07.2020 00:15:11
- Zuletzt bearbeitet 05.05.2025 17:16:04
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-9673
- EPSS 1.05%
- Veröffentlicht 17.07.2020 00:15:11
- Zuletzt bearbeitet 05.05.2025 17:16:04
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3767
- EPSS 3.47%
- Veröffentlicht 26.06.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:31:42
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
CVE-2020-3768
- EPSS 0.82%
- Veröffentlicht 26.06.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:31:42
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2020-3796
- EPSS 4.29%
- Veröffentlicht 26.06.2020 21:15:14
- Zuletzt bearbeitet 21.11.2024 05:31:45
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
CVE-2020-3761
- EPSS 4.1%
- Veröffentlicht 25.03.2020 20:15:14
- Zuletzt bearbeitet 21.11.2024 05:31:42
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory.