CVE-2022-37865: Apache Ivy Vulnerability - Unpacking Arbitrary Artifacts on the Local File System
In this post, we will discuss a significant vulnerability (CVE-2022-37865) that affects Apache Ivy versions 2.4. through 2.5.. This vulnerability allows attackers to
CVE-2022-44794 Object First has an issue where a remote attacker can execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters.
An issue was discovered in Object First 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
Information on possible vectors of attack and fixes can be found here. CVE-2018-3092
CVE-2022-32287 An attacker can create files outside the target directory using a vulnerability in the FileUtil class of the PEAR management component of Apache UIMA.
An attacker could leverage this vulnerability to create files outside the intended directory structure. The following are some example paths that could be used to
CVE-2022-43982 - Apache Airflow XSS Vulnerability in "Trigger DAG with config" Screen
Apache Airflow is a popular open-source platform designed to programmatically manage, monitor, and execute complex workflows. Recently, an issue has been reported under the identifier