CVE-2022-34916 Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution attack when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker has control of the target LDAP server.
Update configurations to use the java protocol or no protocol for JNDI data source URIs, or remove the JMS Source option. Note that you might
CVE-2022-35734 An API key used by the 'Hulu / フールー' App for Android prior to 3.1.2 was hard-coded.
Analyzing the app's data may lead to discovery of the hard-coded API key for an external service. The affected version of the app is
CVE-2022-20914 An attacker could exploit a vulnerability in the ERS API of Cisco ISE to obtain sensitive information.
The vulnerability could be exploited remotely via the HTTP protocol. All software releases and imm revisions where the ERS REST API is affected are vulnerable.
CVE-2022-33201 The MailerLite - Signup forms (official) plugin 1.5.7 has a CSRF vulnerability that allows an attacker to change the API key.
This issue happens when a user signs up for a MailerLite account through a WordPress site. During the registration process, an attacker can use a
CVE-2022-2531 An issue was found in GitLab EE older than 15.1.4 and 15.2.1, which could allow an attacker to change repository permissions.
This issue has been fixed in 15.2.1, released on July 20, 2018. For EE version 12.5, please update to version 15.1.