CVE-2022-37865 - Path Traversal Vulnerability in Apache Ivy — How Attackers Could Write Files Anywhere On Your System
Apache Ivy is a popular dependency manager for Java projects, relied upon in many build systems for resolving, retrieving, and managing project dependencies. With the
CVE-2022-44794 Object First has an issue where a remote attacker can execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters.
An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash
CVE-2022-33684 - How the Apache Pulsar C++ and Python Clients Exposed Your OAuth2 Credentials
---
If you use Apache Pulsar with OAuth2 authentication—especially with the C++ or Python client—this long read is for you. In 2022, a
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
Information on possible vectors of attack and fixes can be found here. CVE-2018-3092
CVE-2022-32287 An attacker can create files outside the target directory using a vulnerability in the FileUtil class of the PEAR management component of Apache UIMA.
An attacker could leverage this vulnerability to create files outside the intended directory structure. The following are some example paths that could be used to