CVE-2022-2469 GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client
This issue is present in the libgsasl library and does not affect libsasl. libgsasl is not enabled by default and needs to be enabled by
CVE-2022-29060 Fortinet's FortiDDoS API has a hard-coded key vulnerability. An attacker who retrieves the key from one device may be able to sign JWT tokens for all devices.
Furthermore, it is possible to sign tokens with a key that was not originally intended to be used for signing JWTs. This may result in
CVE-2022-26352 The ContentResource API in dotCMS 3.0 through 22.02 had an issue where attackers can craft a multipart form request to post a file whose filename is not sanitized.
dotCMS 3.0 through 22.02 is not vulnerable if anonymous content creation is disabled. There are no known attacks against this API. Due to
CVE-2022-1025 Argo CD v1.0.0 is vulnerable to an improper access control bug. It allows a malicious user to potentially escalate their privileges to admin-level.
At the time of writing, the bug has been fixed in the latest version 1.3.9 and later. If you are using an earlier
CVE-2022-31571 The akashtalole/python-flask-restful-api repository through 2019-09-16 uses the unsafe Flask send_file function to achieve path traversal.
In most applications, absolute paths are considered secure because they are typically verified before they are used. The Flask RESTful API allows the send_file