CVE-2022-29599 - How a Tiny Bug in Maven's Commandline Exposed Projects to Shell Injection Attacks
Dependency management tools like Apache Maven are the bedrock of modern Java projects. But even these essential, widely-used tools can hide surprising vulnerabilities with big
CVE-2022-30551 Attackers can stop a server from processing messages by sending crafted messages that exhaust available resources.
This vulnerability is often exploited through the use of a SQL injection attack. As a result, a remote attacker can access or modify data, or
CVE-2022-25762 Web apps that use WebSockets on Tomcat 8.5.0 to 8.5.75 or Tomcat 9.0.0.M1 to 9.0.20 can send messages
To work around this issue, you can set the value of the TomcatConnectors.EnablePooling property to false when deploying the application on Tomcat 8.5.
CVE-2022-0866 - How a Concurrency Issue in JBoss and WildFly Can Return the Wrong Caller Principal – Exploit and Investigation
CVE-2022-0866 describes a subtle but impactful concurrency bug in JBoss EAP (7.1 and onward) and WildFly (11+), specifically when Elytron security is enabled. This
CVE-2022-20006 - Exploiting Android Lock Screen Race Condition for Local Privilege Escalation
CVE-2022-20006 highlights a vulnerability in Android caused by a critical race condition in the KeyguardServiceWrapper.java and related Java files. This flaw can briefly expose