CVE-2022-1258 An authenticated administrator on ePO can exploit a blind SQL injection vulnerability in MA ePO 5.7.6 and perform arbitrary SQL queries in the back-end database. This can lead to command execution.
An attacker must first obtain the ability to access the ePO server and then perform a series of steps to exploit this vulnerability. First, the
CVE-2022-27448 - Unpacking the MariaDB "Assertion Failure" Vulnerability and Its Real-World Risks
In April 2022, security researchers discovered a critical vulnerability in MariaDB Server (versions 10.9 and below) that could crash the database through a simple
CVE-2022-22959 VMware Workspace ONE, Access, Identity Manager and vRealize Automation have a cross-site forgery vulnerability.
This can cause the application to execute a SQL query or get redirected to a malicious site. Access, Identity Manager and vRealize Automation contain a
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. It's vulnerable to LUKS hard disk encryption key compromise.
GIT_DIR` in the Windows registry, which will then be picked up by Git operations. This vulnerability has been patched in Git for Windows v2.
CVE-2022-28347 - SQL Injection in Django’s QuerySet.explain() — An Exclusive Deep Dive
In March 2022, a quiet but critical vulnerability was patched in Django, the world’s most popular Python web framework. Labeled CVE-2022-28347, this bug allowed