CVE-2022-42326 - How Xenstore Transactions Could Let Guests Flood Your System
In this long-read post, we’ll take an exclusive deep dive into CVE-2022-42326: a vulnerability discovered in Xen’s Xenstore, where malicious guests can abuse
CVE-2022-3369 - How a Registry Symlink Flaw in bdservicehost.exe Let Attackers Delete Critical Keys on Bitdefender Engines
Summary:
A serious security flaw (CVE-2022-3369) lurked in Bitdefender’s bdservicehost.exe component on Windows. This bug allowed attackers with low privileges to delete sensitive
CVE-2022-25885 - How a Nasty Bug in `muhammara` and `hummus` Could Crash Your Node.js App
If you handle PDF files in Node.js, chances are you’ve used popular packages like muhammara or hummus. These libraries make it easy to
CVE-2022-2572 In affected versions of Octopus Server, it was possible that the API key/keys of a deleted user were still valid.
As a result, it was possible for that user or group to request access to the API via the management interface. Fixed in Version 3.
CVE-2022-40292 - How Unauthenticated User Enumeration Exposed Sensitive Account Data
In 2022, a critical security weakness was discovered in a popular web application, tracked as CVE-2022-40292. This vulnerability allowed attackers to enumerate user accounts without