CVE-2022-38424 - Path Traversal Vulnerability in Adobe ColdFusion – Exploit Details and Deep Dive
In mid-2022, Adobe released a security advisory addressing a critical vulnerability in its popular Adobe ColdFusion platform. Tracked as CVE-2022-38424, this flaw exposes affected systems
CVE-2022-41623 Data exposure of sensitive information in Villatheme ALD using WooCommerce premium plugin = 1.1.0.
Find and avoid these data leak risks at all costs. These are the major causes of data leakage that can lead to sensitive data exposure
CVE-2022-38986 The HIPP module has a vulnerability that bypasses the check of data transferred in the kernel space. Successful exploitation may cause out-of-bounds access and page table tampering, affecting device confidentiality.
This vulnerability was discovered by security researcher Nils from Red Team. In the advisory issued by RedTeam, the exploitation scenario and PoC code are shown.
CVE-2022-41715 Compiling regular expressions from untrusted sources may lead to memory exhaustion or denial of service.
The new limitation is controlled by the LMAX_REGEXP_MEMORY_MAX config option. The size of the regexp representation is limited to 8 MB by
CVE-2022-36803 The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an attacker with the People role permission to modify any user's role to Super Admin.
It is possible to change any user’s role to Super Admin. The change can be reverted only with the help of a privileged operator.