CVE-2022-0552 A flaw was found in the fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete.
A new version has been released to fix this issue. The new maven package is origin-aggregated-logging-3.12. The updated image is available in the RBAC
CVE-2022-24681 ADS SelfService Plus before 6.12 has XSS that allows reset password, unlock account, or user must change password.
XSS is an injection vulnerability where code is injected into one web application component and executed in another component’s context. This can lead to
CVE-2022-23970 The update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
An attacker can create a specially-crafted update_json HTTP request that causes the update_json function to load a different file than it normally would,
CVE-2022-24523 - Microsoft Edge (Chromium-based) Spoofing Vulnerability Explained
Microsoft Edge is a popular web browser built on the Chromium engine—the same one used by Google Chrome. In early 2022, a new security
CVE-2022-0791 - Understanding the Use-After-Free Vulnerability in Google Chrome’s Omnibox
In early 2022, a serious security vulnerability was discovered in Google Chrome's Omnibox (the address bar). Tracked as CVE-2022-0791, this flaw allowed attackers