CVE-2022-43985 – Apache Airflow Open Redirect Vulnerability in `/confirm` Endpoint Exposed
---
A new vulnerability has been identified in Apache Airflow, a popular open-source platform to programmatically author, schedule, and monitor workflows. Designated as CVE-2022-43985, this
CVE-2022-31777: Stored Cross-Site Scripting (XSS) Vulnerability in Apache Spark: Exploit Details, Code Snippets, and References
A stored cross-site scripting (XSS) vulnerability (CVE-2022-31777) exists in Apache Spark 3.2.1 and earlier, as well as version 3.3.. This security flaw
CVE-2022-42252: Apache Tomcat Request Smuggling Attack via Invalid Content-Length Headers
In this post, we will discuss the vulnerability CVE-2022-42252 affecting Apache Tomcat versions 8.5. to 8.5.82, 9..-M1 to 9..67, 10.
CVE-2022-25892 Packages 2.6.1, 3.0.0, and 3.1.1 of muhammara are vulnerable to DoS when supplied with a maliciously crafted PDF file.
This can lead to a crash in the application or to a situation where the package is no longer able to parse the incoming PDF
CVE-2022-2572 In affected versions of Octopus Server, it was possible that the API key/keys of a deleted user were still valid.
As a result, it was possible for that user or group to request access to the API via the management interface. Fixed in Version 3.