CVE-2022-26472 In ims, there is a possible escalation of privilege due to a parcel format mismatch. User interaction is not needed for exploitation.
There are issues with the default configuration of ims, where it is possible to obtain escalated privileges. By manipulating the system’s trust in a
CVE-2022-39866 In SmartThings before version 1.7.89.0, attackers can access sensitive information via implicit broadcasts.
An attacker can send a message to all devices with the event registered via SmartThings, which will allow them to receive the broadcast and potentially
CVE-2022-41853 Using Statement or PreparedStatement in hsqldb may be vulnerable to remote code execution.
This issue was previously fixed in hsqldb (HyperSQL DataBase) but a regression allowing untrusted inputs to be executed was reintroduced in 2.7.1.
The
CVE-2022-41852 JXPath may be vulnerable to a remote code execution attack when using functions that process XPath strings. Compile() and compilePath() are safe.
An attacker can craft an XPath string to load any class of his/her choice using an external source, such as an XML file.
JXPath
CVE-2022-39273 The control plane for the data processing platform Flyte is FlyteAdmin. Users who enable Flyte's default authorization server are exposed to the public internet.
Users who have changed the ExternalAuthorizationServer setting in the config or have overridden it in their Flyte Admin’s settings will not be vulnerable to