CVE-2022-31777 - Exploiting Stored XSS in Apache Spark UI through Malicious Log Messages
Apache Spark is one of the most popular open-source engines for distributed data processing. It’s used in everything from data analysis to machine learning,
CVE-2022-42252 - Apache Tomcat’s Smuggling Time Bomb – Explaining the Vulnerability, Exploit Steps, and Prevention
Apache Tomcat is one of the internet’s most trusted open-source web servers for running Java applications. But like all software, Tomcat can sometimes give
CVE-2022-25892 Packages 2.6.1, 3.0.0, and 3.1.1 of muhammara are vulnerable to DoS when supplied with a maliciously crafted PDF file.
This can lead to a crash in the application or to a situation where the package is no longer able to parse the incoming PDF
CVE-2022-2572 In affected versions of Octopus Server, it was possible that the API key/keys of a deleted user were still valid.
As a result, it was possible for that user or group to request access to the API via the management interface. Fixed in Version 3.
CVE-2022-26884 - File Read Vulnerability in Apache DolphinScheduler Log Server - How Attackers Can Steal Sensitive Files
A serious security issue was discovered in Apache DolphinScheduler before version 2..6. This vulnerability, tracked as CVE-2022-26884, allows anyone to read *any file* on