CVE-2022-22965 An MVC or Spring WebFlux application may be vulnerable to remote code execution if it runs on Tomcat as a WAR deployment.
If the application is running on JDK 9, i.e. Spring Boot 1.4 or later, it is not vulnerable. It is possible for an
CVE-2022-24299 - How Improper Input Validation in pfSense Could Let Attackers Run Any Command
If you're running pfSense for your network firewall or VPN, you need to know about CVE-2022-24299. This is a serious security weakness that,
CVE-2022-27772 Spring Boot version 2.2.11 was vulnerable to temp directory hijacking.
For more information, see Trend Micro's knowledge base: https://support.trendmicro.com/hc/en-u/articles/20360188-How-can-I-prevent-spring-boot-vulnerabilities. We recommend upgrading to Spring Boot v2.
CVE-2022-25517 - SQL Injection Vulnerability in MyBatis Plus v3.4.3 via AbstractWrapper.java Column Parameter
MyBatis Plus is a popular enhancement of the MyBatis framework, widely used in Java applications for simplifying database operations. In early 2022, researchers discovered a
CVE-2022-0853 A flaw was found in JBoss-client
The discovered issue allows a remote attacker to execute arbitrary code on the target system in context of the current user. This can be exploited