CVE-2024-8636 - Heap Buffer Overflow in Skia - How a Crafted HTML Page Can Hack Your Chrome
In early 2024, a serious security bug—CVE-2024-8636—was found in the Skia graphics library, which is used by Google Chrome. Chrome versions before 128.
CVE-2024-40656 - Image Disclosure via Confused Deputy Vulnerability in ConnectionServiceWrapper.java
Discovered in mid-2024, CVE-2024-40656 exposes a local information leak risk on Android platforms. A flaw in ConnectionServiceWrapper.java's handleCreateConferenceComplete method lets malicious apps
CVE-2024-40659 - Disabling AndroidKeyStore Key Generation via Faulty Attestation Key Validation
Android’s security infrastructure greatly depends on the integrity and isolation of cryptographic keys managed by the AndroidKeyStore system. However, CVE-2024-40659 has revealed a striking
CVE-2024-8190: OS Command Injection Vulnerability in Ivanti Cloud Services Appliance
Ivanti Cloud Services Appliance versions 4.6 Patch 518 and earlier have been found to contain an OS command injection vulnerability. This vulnerability allows remote
CVE-2024-8504 - From Agent to Root—How Attackers Exploit VICIdial for Root Shell Access
VICIdial, the open-source call center suite, is trusted by thousands for handling high-volume calls. But in early 2024, two serious vulnerabilities—CVE-2024-8503 and CVE-2024-8504—were