CVE-2022-31066 EdgeX Foundry is an open source project for building a common open framework for IoT edge computing. Before v2.1.1, the /api/v2/config endpoint exposed message bus credentials to local unauthenticated users.
The EdgeX Foundry team will be working on patching all possible insecure messaging channels that were found to be possible entry points for attackers. In
CVE-2022-31054 Argo Events, an automation framework for Kubernetes, uses `ioutil.ReadAll()` in versions before 1.7.1.
The following versions have been reported to be vulnerable: 1.7.0, 1.7.1
To check if your application is vulnerable, open the server
CVE-2022-28330 - Understanding and Exploiting the Apache HTTP Server mod_isapi Out-of-Bounds Read on Windows
In March 2022, the Apache Software Foundation disclosed a security vulnerability, CVE-2022-28330, affecting the Apache HTTP Server (httpd) versions 2.4.53 and earlier on
CVE-2019-25066 ajenti 2.1.31 has a critical vulnerability in its API that can be used to escalate privileges.
The ajenti component is a dependency of the web server, and as such it is installed on every server. The ajenti component is responsible for
CVE-2022-30522 Apache HTTP Server 2.4.53, when transforming large inputs with mod_sed, may make large memory allocations and abort.
To work around this issue, configure Apache to limit the size of the buffer used by mod_sed by setting the buffer size. For example,