CVE-2022-39252 Matrix client-server library and encryption library.
Prior to version 0.5, the Matrix client-server protocol did not support encrypted key material. This means that when a user receives a signed room
CVE-2022-29089 Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled contains an information disclosure vulnerability.
Depending on the specific version, you could either update to the latest release or disable Smart Fabric Services. For more information, see the Confirmed Affected
CVE-2022-39263 The Upstash Redis adapter for Next.js gives authentication to Next.js.
Upstash Redis adapter for NextAuth.js is vulnerable to a session fixation bug, which can be exploited by an attacker to hijack the session. This
CVE-2022-22526 Gavazzi UWP3.0 and CPY Car Park Server 2.8.3 have missing authentication, which allows for full access via API.
To avoid this, you have to force authentication by adding a domain name and password to your API requests. For example: /v2/cars/{id}/drive/
CVE-2022-32169 The Bytebase application does not have a low privilege user access restriction to "admin issues", which can be viewed by any user with low privilege. The affected endpoint is "/issue".
This happens because the “Issue” endpoint is accessible to “Admin” as well as to any other user.
To avoid such a situation, we need to restrict