CVE-2022-24614 - How A Tiny JPEG File Can Crash Your Java App (metadata-extractor DoS Exploit Explained)
Summary:
This post explains CVE-2022-24614, a Denial of Service (DoS) vulnerability in the popular Java library metadata-extractor up to version 2.16. We’ll walk
CVE-2022-23848 - How Alluxio’s Log Server Input Stream Bug Could Lead to Security Risks
Alluxio is a widely-used open source data platform, heavily relied upon to handle massive scale workloads across industries. However, a discovered vulnerability (CVE-2022-23848) exposed users
CVE-2022-22916 - Remote Code Execution in O2OA v6.4.7 via /x_program_center/jaxrs/invoke
In the world of enterprise collaboration software, O2OA is a popular, open-source platform widely used for business process management in China. However, it sometimes finds
CVE-2021-44521 - How a Cassandra Config Lets Attackers Run Code on Your Server
If you’re running an Apache Cassandra database and want to use user-defined functions (UDFs), you might be exposing yourself to a serious risk—even
CVE-2022-0020 An XSS flaw in the Cortex XSOAR web interface allows an attacker to store a persistent payload that will perform arbitrary actions.
You should update your vulnerable system to version 6.2.0.1958888 as soon as possible. We apologize for the inconvenience. XSS vulnerabilities can be