CVE-2022-30973 - How a Missed Fix Left Apache Tika’s StandardsExtractingContentHandler Vulnerable
In the fast-moving world of open source, patching security holes is an ongoing challenge—especially when older branches and non-standard features are involved. Let’s
CVE-2022-1348 Logrotate's state file, which it uses as a lock to prevent parallel logrotate executions, can be locked by an unprivileged local user, which interferes with log rotation.
The flaw can be exploited by a local attacker by writing log files that cause a specific sequence of actions. On systems that do not
CVE-2022-29599 - How a Tiny Bug in Maven's Commandline Exposed Projects to Shell Injection Attacks
Dependency management tools like Apache Maven are the bedrock of modern Java projects. But even these essential, widely-used tools can hide surprising vulnerabilities with big
CVE-2022-30688 - Local Privilege Escalation in needrestart (0.8 through 3.5) Explained
Update June 2024
If you use Linux and system-update tools, chances are you’ve seen messages about “needrestart”: a utility that tells you which system
CVE-2022-25762 Web apps that use WebSockets on Tomcat 8.5.0 to 8.5.75 or Tomcat 9.0.0.M1 to 9.0.20 can send messages
To work around this issue, you can set the value of the TomcatConnectors.EnablePooling property to false when deploying the application on Tomcat 8.5.