CVE-2022-35710 ColdFusion versions Update 14 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could allow arbitrary code execution in the context of the current user.
This update also addresses a high severity vulnerability in ColdFusion that could be exploited to create arbitrary files on the remote system. This issue was
CVE-2022-38669 In soundrecorder service, there is a missing permission check
There is also a race condition in handling of screenshots when recording. There is a blocking call in the service that might lead to a
CVE-2022-38698 In messaging service, there is a missing permission check
There is a missing permission check in messages service. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
CVE-2022-41715 Compiling regular expressions from untrusted sources may lead to memory exhaustion or denial of service.
The new limitation is controlled by the LMAX_REGEXP_MEMORY_MAX config option. The size of the regexp representation is limited to 8 MB by
CVE-2022-35044 OTFCC commit 617837b contains a heap buffer overflow.
This issue can be exploited to gain remote code execution on the system. It has been reported that the following RedHat packages are affected: RedHat