CVE-2022-38170 Airflow prior to 2.3.4 had an insecure umask that could lead to a race condition for world-writable files in the Airflow home directory.
This issue has been fixed by configuring the umask appropriately.
Prior to Apache Airflow version 2.3.4, a config error in one of the
CVE-2022-29063 The Solr plugin is configured to make an RMI request on localhost port 1099.
When executing a remote query, the server, by default, listens for connections on all local endpoints, and if an attacker, on the same subnet, is
CVE-2022-25371 Apache BIRT uses the BIRT project plugin to create data visualizations and reports.
This issue was resolved in Apache OFBiz 18.12.06 and later. BIRT project plugin has a bug which can be exploited to execute arbitrary
CVE-2022-37435 Insecure permissions allow low-privilege administrators to modify high-privilege administrator's passwords.
It has been discovered that Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue
CVE-2022-1319 - Double Response Packet in Undertow’s AJP Connection Handling (with Exploit Details)
Let's break down CVE-2022-1319, a notable flaw discovered in the Undertow web server – the core HTTP engine for Red Hat JBoss EAP 7