CVE-2022-31679 An attacker can access HTTP PATCH requests to the REST API in 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older versions if they know the structure of the domain model.
For example, they can use this technique to cause a service to generate a new revision of a given entity every time an HTTP request
CVE-2022-38340 FME Server v2021.2.5, v2022.0.0.2 older than 2021.2.5 contains a Path Traversal vulnerability.
This vulnerability can be exploited by a remote attacker to inject and execute malicious code in the context of the affected application. A successful exploit
CVE-2022-38545 Valine v1.4.18 has a RCE vulnerability that allows attackers to execute arbitrary code.
This update also fixes several bugs and provides overall improved performance. In addition, this release updates the v1.4.17 release to v1.4.18,
CVE-2022-0143 The LDAP connector with StartTLS enabled grants unauthenticated access. This started as an issue in 1.5.20.9.
All installations of IdM and RCS are vulnerable to this issue, including all versions prior to 4.0.1.10, 4.0.1.9, and
CVE-2022-23766 An input validation vulnerability allowed arbitrary file execution.
When accessing a malicious website or opening a malicious file, the user’s browser sends the request to the Internet server. The server receives the
Episode
00:00:00
00:00:00