CVE-2023-42503 - Exploiting Improper Input Validation in Apache Commons Compress (TAR Parsing) for Denial of Service
In late 2023, security researchers identified a Denial of Service (DoS) vulnerability in the Apache Commons Compress library, affecting versions 1.22 through 1.23.
CVE-2023-41081 - Authentication Bypass in Apache Tomcat Connectors (mod_jk) Explained in Simple Terms
Date disclosed: 2023-09-13
Updated summary: 2023-09-28
Impacted Software: Apache Tomcat Connectors (mod_jk) 1.2. – 1.2.48
Fixed in: mod_jk version 1.2.
CVE-2023-40712 - Unmasking Secret Configurations in Apache Airflow Before 2.7.1
Apache Airflow is an open-source tool used by thousands of companies to programmatically author, schedule, and monitor workflows. However, a critical vulnerability has been discovered
CVE-2023-40611 - How Authenticated Users Could Tamper with DAG Run Details in Apache Airflow <2.7.1
Apache Airflow is a popular open-source platform for workflow orchestration. It’s used by data engineers and teams across many industries for automation and scheduling.
CVE-2023-4807 - OpenSSL POLY1305 Bug on Windows 64-bit with AVX512-IFMA — How It Could Break Your Server
A subtle but potentially dangerous flaw has been found in OpenSSL’s implementation of the POLY1305 message authentication code (MAC) when running on Windows 64-bit