CVE-2022-40955 An attacker with privileges to specify MySQL JDBC connection URL parameters and write to the database can cause deserialized data to be l
Users are advised to upgrade to Apache InLong 1.3.0 or newer. https://github.com/apache/incr/issues/2
Apache InLong 1.2.0
CVE-2022-40300 - Deep Dive Into Critical SQL Injection in Zoho ManageEngine Products
In the world of enterprise IT, password management is a big deal. Many companies rely on Zoho’s ManageEngine lineup—including Password Manager Pro, PAM360,
CVE-2022-38428 Adobe Photoshop versions 22.5.8 and 23.4.2 are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
Adobe recommends users update to the latest version 23.5.1. The update is currently available through the Creative Cloud application. Adobe warned that although
CVE-2022-32555 US-based IC2 and IC1 before 7.0 didn't have an anti-CSRF token.
This issue could lead to the disclosure of sensitive data if an attacker tricks a user into visiting a malicious website.
Unisys Data Exchange Management
CVE-2022-34165 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 are vulnerable to HTTP header injection, due to improper validation.
In an enterprise setting, where tight firewall rules allow access to the Internet, an attacker could exploit these weaknesses by sending a malicious request to