CVE-2022-42114 An XSS vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36 and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
This issue is due to insufficient sanitization of user input before placing it into the database. As a result, a user with administrative privileges can
CVE-2022-21621 Vulnerability in Oracle VirtualBox that affects versions prior to 6.1.40.
Oracle Virtualization (OVM) VirtualBox is prone to a high severity remote code execution vulnerability due to improper handling of input parameters in certain functions. An
CVE-2022-21620 Vulnerability in Oracle VirtualBox that affects versions prior to 6.1.40.
Red Hat says: Red Hat does not provide technical details about this vulnerability, which means that it is still possible to find and exploit the
CVE-2022-39198 Vulnerability in deserialization of dubbo hessian-lite could lead to malicious code execution.
Dubbo Hessian-Lite is a lightweight data integration component. It’s used in scenarios where data needs to be transferred within a single organization between applications
CVE-2022-41547 MobSF v0.9.2 and below had an LFI vulnerability in the StaticAnalyzer/views.py script.
Exploiting this vulnerability could allow a remote attacker to read arbitrary files on the targeted system. We have updated MobSF to version 0.9.3