CVE-2022-3363 - Business Logic Errors in Rdiffweb (ikus060/rdiffweb) Prior to 2.5.a7 — A Deep Dive
In September 2022, a critical business logic vulnerability (CVE-2022-3363) was disclosed for the widely used backup web interface, Rdiffweb, hosted in the ikus060/rdiffweb GitHub
CVE-2022-3474 - Critical Credential Leak in Bazel’s Remote Asset API Explained
Bazel is a popular build tool from Google, trusted by large companies and open-source developers to manage fast, reliable builds and tests. But like any
CVE-2022-39358 - How Locked Parameters in Metabase Embedded Dashboards Were Bypassed
Metabase is a popular open-source tool for exploring and visualizing data. It’s commonly used to build dashboards and share insights within organizations. One of
CVE-2022-39359 Metabase is data visualization software
When `MB_CUSTOM_GEOJSON_ENABLED` is set to `false`, Metabase will no longer follow GeoJSON map URLs that redirect to private, link-local, or other disallowed
CVE-2022-3667 A critical vulnerability was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp. Manipulation leads to heap-based buffer overflow.
This vulnerability is caused by insufficient validation of input data. It may be exploited by sending specially crafted HTTP requests. It is also possible to