CVE-2024-42019 - Extracting NTLM Hashes from Veeam Reporter Service – How Attackers Can Steal Credentials With User Interaction
On June 12, 2024, Veeam released an advisory for a serious vulnerability—CVE-2024-42019—that affects their Reporter Service, a component often installed with Veeam Backup
CVE-2024-40711 - Deserialization of Untrusted Data Leads to Remote Code Execution (RCE)
In June 2024, a serious vulnerability surfaced under the identifier CVE-2024-40711. This security threat involves improper handling of untrusted serialized data, opening doors for unauthenticated
CVE-2024-36137 - Node.js File Descriptor Exploit in Permission Model with --allow-fs-write
A newly-discovered vulnerability, CVE-2024-36137, affects the Node.js runtime when using the *experimental permission model*. This flaw allows attackers to bypass the intended security restrictions
CVE-2023-39333 - Injecting JavaScript with WebAssembly Export Names in Node.js
WebAssembly (WASM) is a powerful tool for running high-performance code in browsers and other environments. But what happens when the very WASM modules you bring
CVE-2023-46809 - Node.js and the Marvin Attack — Exploiting Weaknesses in PKCS #1 v1.5 Padding with OpenSSL
CVE-2023-46809 reveals a serious security issue for Node.js applications that use unpatched OpenSSL libraries and allow PKCS #1 v1.5 padding in RSA private