CVE-2022-32532 - How Misconfigured Regex Can Let Hackers Bypass Authorization in Apache Shiro (Before 1.9.1)
Apache Shiro is a popular security framework for Java, commonly used to handle authentication and authorization in web applications. In 2022, the project disclosed a
CVE-2022-32999 The cloudlabeling package was discovered to contain a code execution backdoor.
The cloudlabeling package was distributed through PyPI, the Python Package Index, which is the most commonly used package repository in the Python ecosystem and is actively maintained by the Python community. PyPI is
CVE-2022-34305 Tomcat versions 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 display user provided data without filtering in the Form authentication example of the examples web application, which exposes a XSS vulnerability.
The issue is fixed in Apache Tomcat 10.1.0-M17, 10.0.23, 9.0.65 and 8.5.82. Releases outside the affected ranges, including the 8.0.x and 7.x lines, are not listed as affected.
CVE-2022-32549 Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection
An attacker who can influence a logged value may be able to forge log entries, which can be used to hide activity or to corrupt log files. All users should
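To show what log injection of this kind looks like in practice, here is an added example (not Apache Sling code): a naive logger that interpolates a user-controlled value, the same value carrying a newline and a forged record, and a hardened logger that neutralizes control characters so the entry stays a single line. The line format, the `user=` field, the timestamp and the attacker input are all constructed for the demo.

```python
"""Log injection demo: forging a record through an unsanitized field.

Added illustrative code, not Apache Sling's implementation. The log format,
the field name and the sample inputs below are assumptions made for the demo.
"""
import re

# Constructed log line format used by the demo logger (an assumption, not Sling's).
LINE_FMT = "{ts} {level} login attempt user={user}"
TS = "2022-06-14T10:00:00Z"  # fixed timestamp so results are deterministic


def log_naive(user: str, level: str = "WARN") -> str:
    """Vulnerable: interpolates attacker-controlled text verbatim."""
    return LINE_FMT.format(ts=TS, level=level, user=user)


# CR, LF, ESC and other C0 controls plus DEL: anything that can start a new
# record or smuggle a terminal escape sequence into whoever views the log.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def neutralize(value: str) -> str:
    """Replace each control character with a visible \\xNN escape."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def log_safe(user: str, level: str = "WARN") -> str:
    """Hardened: the user field can no longer terminate the record."""
    return LINE_FMT.format(ts=TS, level=level, user=neutralize(user))


def parse_records(log_text: str) -> list:
    """Minimal one-record-per-line parser, as a SIEM or grep triage would read it."""
    recs = []
    for line in log_text.splitlines():
        m = re.match(r"(\S+) (\S+) (.*)", line)
        if m:
            recs.append({"ts": m.group(1), "level": m.group(2), "msg": m.group(3)})
    return recs


# Constructed attacker input: a username carrying a newline plus a forged record.
FORGED = "bob\n2022-06-14T10:00:00Z INFO login success user=admin"


def demo():
    """Return (records seen via naive logger, records seen via safe logger)."""
    return parse_records(log_naive(FORGED)), parse_records(log_safe(FORGED))


if __name__ == "__main__":
    naive, safe = demo()
    for r in naive:
        print("naive:", r)
    for r in safe:
        print("safe :", r)
```

With the naive logger the parser sees two records, the second an "INFO login success user=admin" line that never happened; with the hardened logger it sees one WARN record whose user field visibly contains `\x0a` followed by the attempted forgery, which is exactly the kind of artifact a detection rule can alert on.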
CVE-2022-33915 The Amazon AWS Log4j hotpatch package is affected by a race condition that could lead to a local privilege escalation.
In most cases, the hotpatch will run successfully. However, if the process exec()s a SUID binary and the process has not been observed, the