CVE-2024-52338 - Critical RCE Vulnerability in Apache Arrow R Package via Untrusted Data Deserialization
A critical security vulnerability, tracked as CVE-2024-52338, has been discovered in the Apache Arrow R package. This vulnerability allows arbitrary code execution (RCE) due to
CVE-2024-53008 - Exploiting HAProxy’s HTTP Request Smuggling to Bypass ACLs and Steal Sensitive Data
A new vulnerability, CVE-2024-53008, was recently discovered in HAProxy, a popular open-source software widely used for high-performance TCP/HTTP load balancing. The flaw is classified
CVE-2024-51569 - Out-of-Bounds Read in Apache NimBLE Bluetooth Stack (Explained)
Summary:
A recently discovered security flaw, CVE-2024-51569, exposes Apache NimBLE users to memory read vulnerabilities. This post explains the bug, its risks, demonstrates how the
CVE-2024-27134 - Exploiting Excessive Directory Permissions in MLflow for Local Privilege Escalation with spark_udf
CVE-2024-27134 is a recently disclosed vulnerability found in MLflow, a popular open-source machine learning platform. The core of this issue revolves around excessive directory permissions
CVE-2024-31141 - Files and Directories Exposed in Apache Kafka Clients (Improper Privilege Management Vulnerability)
---
Published: May 2024
Severity: High
Affects: Apache Kafka Clients 2.3. through 3.5.2, 3.6.2, 3.7.
Component: Kafka Clients, Kafka