CVE-2022-40664 Shiro before 1.10.0 has an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
Authentication enforced by Shiro's filter chain can be bypassed when a request is forwarded or included through RequestDispatcher, letting attackers gain unauthorized access to protected parts of the application. A fix has been released for this issue: https://issues.
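The following is an added example, not code from Apache Shiro or from the advisory: a generic Python simulation of the bug class the advisory names. It assumes, for illustration only, a path-based authentication filter that marks the request on first entry and skips itself on re-entry (the "once per request" mode); a handler reachable at an anonymous path then forwards, on the same request object, to a protected path that the filter never evaluates. The filter-chain definition, paths and request class are all constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical filter-chain definition in the spirit of Shiro's [urls] section,
# constructed for this example: path prefix -> filter name.
CHAIN: Dict[str, str] = {
    "/admin/": "authc",   # requires an authenticated subject
    "/public/": "anon",   # anonymous access allowed
}


@dataclass
class Request:
    """Minimal stand-in for a servlet request (constructed, not Shiro's API)."""
    path: str
    user: Optional[str] = None
    attrs: Dict[str, bool] = field(default_factory=dict)


def resolve_filter(path: str) -> str:
    """First-match prefix lookup, defaulting to authc (deny anonymous)."""
    for prefix, name in CHAIN.items():
        if path.startswith(prefix):
            return name
    return "authc"


def auth_filter(req: Request, once_per_request: bool) -> bool:
    """Return True if the request may proceed to its handler.

    With once_per_request=True the filter marks the request on first entry and
    skips itself on re-entry, so a forward to a protected path is never checked.
    That skip-on-re-entry behaviour is the assumption this simulation models.
    """
    if once_per_request and req.attrs.get("filtered"):
        return True
    req.attrs["filtered"] = True
    return resolve_filter(req.path) == "anon" or req.user is not None


def dispatch(req: Request, once_per_request: bool) -> int:
    """Run the filter, then the handler; /public/preview forwards to /admin/report."""
    if not auth_filter(req, once_per_request):
        return 401
    if req.path == "/public/preview":
        # Stand-in for request.getRequestDispatcher("/admin/report").forward(...):
        # same request object, new target path, filter chain re-entered.
        req.path = "/admin/report"
        return dispatch(req, once_per_request)
    return 200


def demo() -> Dict[str, int]:
    """Status codes an anonymous (or logged-in) client sees in each filter mode."""
    return {
        "direct_admin": dispatch(Request("/admin/report"), once_per_request=True),
        "forward_bypass": dispatch(Request("/public/preview"), once_per_request=True),
        "forward_fixed": dispatch(Request("/public/preview"), once_per_request=False),
        "forward_logged_in": dispatch(Request("/public/preview", user="alice"), once_per_request=False),
    }


if __name__ == "__main__":
    print(demo())
```

The anonymous client is refused at /admin/report directly but reaches it through the forward when the filter runs once per request; re-running the filter for the forwarded target (once_per_request=False) restores the 401 while a logged-in user still gets through.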
CVE-2022-41407 The App v1.0 had a SQL injection vulnerability via the id parameter.
A user with a low privilege level (e.g., guest) could exploit this vulnerability by injecting SQL through the id parameter to gain higher privileges. A SQL
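As an added example (not code from the affected application), the pattern behind an injectable id parameter and its fix, run against a constructed in-memory SQLite table: the vulnerable lookup concatenates the parameter into the query, so a guest can widen the WHERE clause to pull the admin row; the hardened lookup enforces the expected integer type and binds the value as a parameter. Table, rows and payload are constructed for this example.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample data; not from the affected application.
USERS: List[Tuple[int, str, str]] = [
    (1, "admin", "admin"),
    (2, "alice", "user"),
    (3, "guest", "guest"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[Tuple[int, str, str]]:
    """Vulnerable: the id parameter is pasted into the SQL text as-is."""
    sql = "SELECT id, name, role FROM users WHERE id = " + user_id + " ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> List[Tuple[int, str, str]]:
    """Hardened: enforce the expected type, then bind the value as a parameter."""
    if not user_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, name, role FROM users WHERE id = ? ORDER BY id"
    return conn.execute(sql, (int(user_id),)).fetchall()


def safe_rejects(conn: sqlite3.Connection, user_id: str) -> bool:
    """True if the hardened lookup refuses the value outright."""
    try:
        lookup_safe(conn, user_id)
    except ValueError:
        return True
    return False


# A payload a guest (id 3) might send: it widens the WHERE clause to include admins.
PAYLOAD = "3 OR role = 'admin'"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, PAYLOAD))   # guest row plus the admin row
    print(safe_rejects(db, PAYLOAD))        # True
```

Even without the isdigit check, binding the value would make the payload compare as a string against the integer column and match nothing; the explicit type check additionally turns the probe into a loggable error instead of a silent empty result.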
CVE-2022-40777 Interspire Email Marketer through 6.5.0 allows upload of arbitrary php files via a survey_submit.php operation, which can be accessed via /admin/temp/surveys/.
A remote attacker could leverage this vulnerability, together with directory traversal, to upload arbitrary files and obtain access to the Interspire Email Marketer installation; a PHP file placed under /admin/temp/surveys/ is reachable from the web and is executed by the server when requested. Additionally, a
CVE-2022-42040 d8s-algorithms for Python, as published on PyPI, included a potential code-execution backdoor inserted by a third party: the democritus-dicts package.
The backdoor is pulled in as a dependency on democritus-dicts version 0.1.0. This package was published on PyPI on October 11th, 2018. A new version 0.
CVE-2022-41188 The application can crash when it opens a manipulated Wavefront Object file received from an untrusted source.
When SAP 3D Visual Enterprise Viewer - version 9 opens such a file, the application can crash and become temporarily unavailable