CVE-2022-1025 Argo CD v1.0.0 is vulnerable to an improper access control bug. It allows a malicious user to potentially escalate their privileges to admin-level.
At the time of writing, the bug has been fixed in the latest version 1.3.9 and later. If you are using an earlier
CVE-2022-32532 - How Misconfigured Regex Can Let Hackers Bypass Authorization in Apache Shiro (Before 1.9.1)
Apache Shiro is a popular security framework for Java, commonly used to handle authentication and authorization in web applications. In 2022, the project disclosed a
CVE-2022-34305 Tomcat versions 10.1.0 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 do not filter user-provided data, which exposes an XSS vulnerability.
This has been fixed in these versions. Apache Tomcat 9.0.0-M1, 8.5.0-8, 8.0.18, 7.x versions and earlier are vulnerable.
CVE-2022-33915 The Amazon AWS Log4j hotpatch package is affected by a race condition that could lead to a local privilege escalation.
In most cases, the hotpatch will run successfully. However, if the process exec()s a SUID binary and the process has not been observed, the
CVE-2022-30147 - Windows Installer Elevation of Privilege Vulnerability Explained (With PoC)
Windows is the backbone of personal and corporate computing. But just like any big system, it has its share of vulnerabilities. One such flaw found