CVE-2022-41427 Bento4 v1.6.0-639 had a memory leak in the AP4_AvcFrameParser::Feed function.
As a result, an attacker could leverage this issue to crash the application or execute arbitrary code on the system. Note that memory leak vulnerabilities
CVE-2022-42003 Databind before 2.14.0-rc1 can exhaust resources when UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
This results in excessive calls to primitive value deserializers, which can lead to resource exhaustion. If UNWRAP_SINGLE_VALUE_ARRAYS is disabled and resource exhaustion
CVE-2022-23726 Previous versions of the PingCentral Ping API exposed Spring Boot actuator endpoints with administrative authentication that gives away sensitive information.
The most common attack scenario is via an outside party using a web crawling tool to search for available endpoints and then craft a request
CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.
In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a
CVE-2022-40083 The Echo CMS v4.8.0 had an open redirect vulnerability in the Static Handler component.
SSRF is a type of attack where the attacker tricks the victim’s web application into executing a command on the server. The command can