CVE-2022-30258 Technitium DNS Server through 8.0.2 has a V2 domain name resolution vulnerability, which can be exploited to resolve revoked or malicious domains.
An exploit would be successful if an attacker controls a legitimate DNS name, for example using a subdomain of a legitimate domain. An exploit would
CVE-2022-43687 Concrete CMS 9.0.0 - 9.1.2 does not issue a new session ID upon successful OAuth authentication.
If you have a lot of end users who don’t keep their login details up to date, this issue can lead to situations where
CVE-2022-45130 CSRF attack possible via the /api/v2/cli/commands REST API.
If you have installed Obsidian on your server, it is critical that you review the list of REST API endpoints, as there is a risk
CVE-2022-42466 An end user could set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value is saved.
This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder,
CVE-2022-42980 go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
If you are using the GoCD, then you do not have to worry about this. The GO-CD will generate a new JWT for you with