CVE-2022-29915 The Performance API did not properly hide whether a request has observed redirects. This issue is resolved.
This issue has been fixed in Firefox version 101.
In Firefox 101, the Performance API incorrectly returned false when the user navigated from an origin
CVE-2022-41800 An Administrator user can bypass appliance mode restrictions with an undisclosed iControl REST endpoint.
While running in VE, an attacker may be able to access iControl REST endpoints with an unauthenticated user, bypassing VE restrictions. Exploits of VE, like
CVE-2022-30122 - How a Quiet Rack Vulnerability Could Take Down Your Ruby App
If you run Rails or Sinatra apps, it’s very likely you’ve relied on Rack—the foundation for most Ruby web applications. In 2022,
CVE-2022-35255 - Weak Randomness in WebCrypto KeyGen in Node.js 18
Node.js is a popular platform for building web apps and servers, but even top projects are not immune to serious bugs. In mid-2022, security
CVE-2022-43548 An OS command injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed due to IsIPAddress not properly checking if an IP address is invalid.
The issue can be exploited by an attacker via a remote code execution attack. The vulnerability can be exploited by an attacker to execute arbitrary