CVE-2022-43430 Jenkins Compuware Topaz 2.4.8 and earlier does not configure its XML parser to prevent XXE attacks.
In certain situations, Jenkins may be exposed to a high risk of XXE attacks when it is processing untrusted inputs, such as XML configuration files.
CVE-2022-42114 An XSS vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36 and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
This issue is due to insufficient sanitization of user input before placing it into the database. As a result, a user with administrative privileges can
CVE-2022-0699 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases.
The vendor has confirmed that there are no active attacks against this issue. Users are advised to upgrade to the latest release. CVE-2017-9832 - Double-free
CVE-2022-42341 ColdFusion versions 14 and earlier are affected by an XXE vulnerability that could lead to arbitrary file system read.
If a user visited a malicious website, opened a malicious advertiser tag, or browsed to a malicious URL within an ad unit, an attacker could
CVE-2022-38419 ColdFusion versions 14 and earlier are affected by an XXE vulnerability that could lead to arbitrary file system read.
If a user visited a malicious website, opened a malicious advertiser tag, or browsed to a malicious URL within an ad unit, an attacker could