CVE-2022-39273 FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server are exposed to the public internet.
Users who have changed the ExternalAuthorizationServer setting in the config or have overridden it in their Flyte Admin’s settings will not be vulnerable to
CVE-2022-41428 Bento4 v1.6.0-639 was found to have a heap overflow in mp4mux::AP4_BitReader::ReadBits()
This could result in denial of service or possibly lead to code execution.
In addition to this, a memory corruption issue was discovered in the
CVE-2022-41427 Bento4 v1.6.0-639 had a memory leak in the AP4_AvcFrameParser::Feed function.
As a result, an attacker could leverage this issue to crash the application or execute arbitrary code on the system. Note that memory leak vulnerabilities
CVE-2022-42004 Jackson Databind before 2.13.4 can exhaust resources because of a lack of a check in BeanDeserializer._deserializeFromArray.
A resource exhaustion can occur when deserializing a source that contains deeply nested arrays, because the deserializer does not enforce a limit on the depth
CVE-2022-42003 Databind before 2.14.0-rc1 can exhaust resources when UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
This results in excessive calls to primitive value deserializers, which can lead to resource exhaustion. If UNWRAP_SINGLE_VALUE_ARRAYS is disabled and resource exhaustion