CVE-2022-34113 An issue in Dataease's API plugin upload component allows attackers to execute arbitrary code.
A issue in the component /api/system of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
RCE is possible
CVE-2022-0974 In Splitscreen, an attacker can exploit heap corruption in Google Chrome on Chrome OS before 99.0.4844.74 if the victim engages in specific user interaction.
This issue was fixed by updating chromium to version 66.0.3359.84. CVE-2018-5407 An issue was discovered in certain Google API Withdrawal requests. An
CVE-2022-21549 Oracle Java SE, Oracle GraalVM Enterprise Edition is affected by a vulnerability in the Libraries component. The vulnerability could allow a remote attacker to obtain system privileges.
by using the sendMessage API with a crafted object. The attacker cannot inject malicious code using the Java language, but can instead use scripting languages
CVE-2022-21540 Oracle Java SE product has a vulnerability.
by using the Java Web Start API, to load and run web applications or applets. These can be selected on web pages or embedded in
CVE-2022-34534 An malicious API call can access sensitive information on the Watchdog Spectrum Server.
An attacker can craft a request in order to inject data into the server. The server then processes the request and passes the data on
Episode
00:00:00
00:00:00