CVE-2024-11668 - How GitLab’s Long-Lived Connections Bypassed Authentication and What It Means for You
On May 2, 2024, a serious security flaw—CVE-2024-11668—was disclosed by GitLab regarding long-lived connections, affecting various versions of the popular GitLab Community (CE)
CVE-2024-52008 - Critical Weak Password Vulnerability in Fides User Invite API
Fides is a popular open-source privacy engineering platform, widely praised for helping organizations automate and manage privacy operations. In June 2024, a serious security issue
CVE-2024-52336 - Tuned D-Bus Local Privilege Escalation via `instance_create()` Script Injection
A new vulnerability tagged as CVE-2024-52336 affects the popular system tuning tool, Tuned. This weakness allows a simple local user to run code as root—
CVE-2024-22117 - A Deep Dive into sysmapelementurlid Manipulation & DoS Threat
CVE-2024-22117 identifies a critical vulnerability in certain web applications that allow users to add URLs to a mapping element. Improper handling of the sysmapelementurlid in
CVE-2024-11706 - Understanding the Null Pointer Dereference in pk12util (`SEC_ASN1DecodeItem_Util`) and Its Exploitation
In early 2024, a security flaw tagged as CVE-2024-11706 was discovered in the way Mozilla's pk12util tool handles certain certificate-related files. The bug