CVE-2024-31309 - HTTP/2 CONTINUATION DoS Attack Consumes Excessive Resources in Apache Traffic Server
In this long read, we will be discussing the recently discovered vulnerability, CVE-2024-31309, affecting Apache Traffic Server (ATS). This vulnerability allows an attacker to perform
CVE-2024-27316 - Memory Exhaustion in HTTP/2 Due to Incoming Headers Exceeding the Limit in nghttp2 Library
The Common Vulnerabilities and Exposures (CVE) identifier CVE-2024-27316 refers to a memory exhaustion vulnerability found in the nghttp2 library, specifically when handling HTTP/2 incoming
CVE-2024-25065 - Path Traversal and Authentication Bypass Vulnerability in Apache OFBiz
Apache OFBiz is an open-source enterprise resource planning (ERP) system that offers a wide range of features and functionalities for various business domains. A critical
"CVE-2024-23807: Critical Use-After-Free Vulnerability in Apache Xerces C++ XML Parser Affecting Versions 3.. to 3.2.4 - Upgrade or Mitigate"
Introduction: As part of our continuing efforts to ensure the security and stability of open-source software, we would like to bring to your attention the
CVE-2024-24773 - Bypassing Data Authorization by Exploiting Improper Parsing of Nested SQL Statements in SQLLab (Apache Superset)
The vulnerability (CVE-2024-24773) is found in Apache Superset, a popular open-source platform for data visualization. The issue allows authenticated users to bypass their data authorization