CVE-2022-22576 An authentication vulnerability in curl 7.33 to 7.82 might allow attackers to reuse OAuth2-authenticated connections.
A malicious or compromised remote server could send an authorised request to the client computer with the same credentials as were used for the initial
CVE-2022-29972 An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver may allow a local user to execute arbitrary code.
An attacker may leverage this vulnerability to inject commands into the database or cause the server to process malicious commands. In certain configurations, this may
CVE-2022-1389 F5 BIG-IP has a cross-site request forgery vulnerability in the BIG-IP Configuration utility on all versions up to 16.1.x. The vulnerability is fixed in 17.0.0.
when determining whether or not to apply a fix. All versions of 14.x, 13.x, and 12.x are at risk. Note: Software versions
CVE-2022-0916 An issue was discovered in Logitech Options: the OAuth 2.0 state parameter was not properly validated.
To protect against these attacks, applications should always check the state parameter received from the server. In addition, applications should only permit authorized state change
CVE-2022-21497 - Code Execution and Data Breach Risk in Oracle Web Services Manager (Oracle Fusion Middleware)
In April 2022, Oracle announced CVE-2022-21497, a serious vulnerability in the Oracle Web Services Manager (OWSM), a key security component of the Oracle