CVE-2022-38421 ColdFusion versions Update 14 and earlier are affected by an 'Improper Limitation of a Pathname to a Restricted Directory' vulnerability that could allow arbitrary code execution.
Adobe released updates to address this issue in ColdFusion Update 14 and earlier, ColdFusion Update 4 and earlier, ColdFusion MX Update 14 and earlier, ColdFusion
CVE-2022-38419 ColdFusion versions 14 and earlier are affected by an XXE vulnerability that could lead to arbitrary file system read.
If a user visited a malicious website, opened a malicious advertiser tag, or browsed to a malicious URL within an ad unit, an attacker could
CVE-2022-38420 ColdFusion versions Update 14, Update 4 are affected by a Use of Hard-coded Credentials vulnerability that could lead to application denial-of-service.
If a user trusts the application that receives the malformed data, access to the start/stop arbitrary service capability could be exploited. By sending an
CVE-2022-38676 In the GPU driver, there is a possible out-of-bounds write due to a missing bounds check.
The fix is to add a bounds check before copying data to user memory.
In Windows, the default GPU driver is not patched. If a
CVE-2022-38688 In the telephony service, there is a missing permission check.
This can be exploited through a maliciously crafted email where the user is persuaded to open the message with the click of a link. If