CVE-2022-39866 In SmartThings before version 1.7.89.0, attackers can access sensitive information via implicit broadcasts.
An attacker can send a message to all devices with the event registered via SmartThings, which will allow them to receive the broadcast and potentially
CVE-2022-41853 Using Statement or PreparedStatement in hsqldb may be vulnerable to remote code execution.
This issue was previously fixed in hsqldb (HyperSQL DataBase) but a regression allowing untrusted inputs to be executed was reintroduced in 2.7.1.
The
CVE-2022-41852 JXPath may be vulnerable to a remote code execution attack when using functions that process XPath strings. Compile() and compilePath() are safe.
An attacker can craft an XPath string to load any class of his/her choice using an external source, such as an XML file.
JXPath
CVE-2022-39273 FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server are exposed to the public internet.
Users who have changed the ExternalAuthorizationServer setting in the config or have overridden it in their Flyte Admin’s settings will not be vulnerable to
CVE-2022-22503 Robotic Process Automation 21.0.0 could be hijacked by a remote attacker.
CVE-2019-10565 A vulnerability in the XCVF system could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to