CVE-2022-32549 Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection
An attacker may be able to use this to execute denial of service or other attacks. This is a critical issue and all users should
CVE-2022-33915 The Amazon AWS Log4j hotpatch package is affected by a race condition that could lead to a local privilege escalation.
In most cases, the hotpatch will run successfully. However, if the process exec()s a SUID binary and the process has not been observed, the
CVE-2022-31066 EdgeX Foundry is an open source project for building a common open framework for IoT edge computing. Before v2.1.1, the /api/v2/config endpoint exposed message bus credentials to local unauthenticated users.
The EdgeX Foundry team will be working on patching all possible insecure messaging channels that were found to be possible entry points for attackers. In
CVE-2022-31054 Argo Events is an automation framework for Kubernetes. Versions before 1.7.1 use `ioutil.ReadAll()`.
The following versions have been reported to be vulnerable: 1.7.0
1.7.1 To check if your application is vulnerable, open the server&
CVE-2022-28330 - Understanding and Exploiting the Apache HTTP Server mod_isapi Out-of-Bounds Read on Windows
In March 2022, the Apache Software Foundation disclosed a security vulnerability, CVE-2022-28330, affecting the Apache HTTP Server (httpd) versions 2.4.53 and earlier on