CVE-2022-3636 An issue was found in the Linux kernel that affects the function __mtk_ppe_check_skb in the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to a use after free.
ETMC. The firmware update will be released soon. The detailed information about the patch and the applicable firmware versions can be found on the official
CVE-2022-41742 The NGINX Open Source versions before 1.23.2, 1.22.1, R2 P1, and R1 P1 have a vulnerability in the ngx_http_mp4_module module that might allow a local attacker to execute arbitrary code.
The attacker must be able to serve the malicious file to the victim via HTTP. The following example demonstrates the attack. In the following example,
CVE-2022-43017 OpenCATS v0.9.6 had a reflected XSS vulnerability in the indexFile component.
When uploading an index file via the OpenCATS admin panel, an attacker can inject malicious code into the file with relative ease. The XSS flaw
CVE-2022-41709 An attacker can execute arbitrary code on any client who views a malicious Markdown file.
NodeIntegration is a Symfony2 component that allows an application to use Node.js modules. When enabled, it exposes the Apache HttpClient library to the application,
CVE-2022-43414 Jenkins NUnit Plugin 0.27 and earlier has an agent-to-controller message that parses files as test results, allowing attackers able to control agent processes to obtain test results from files the attacker specifies.
This can lead to information leakage from the Jenkins environment, such as revealing credentials or sensitive data. Jenkins is not vulnerable to this issue if