CVE-2024-4067 - Understanding the ReDoS Vulnerability in the NPM `micromatch` Package
In May 2024, security researchers uncovered a Denial-of-Service vulnerability (ReDoS) in the popular JavaScript pattern-matching library, micromatch. Tracked as CVE-2024-4067, this vulnerability arises from
CVE-2024-32655 - Critical Overflow Vulnerability in Npgsql’s `WriteBind()` Method Can Lead to Arbitrary SQL Execution
Date: June 2024
Npgsql Version Affected: Up to 8..2 (Fixed in 4..14, 4.1.13, 5..18, 6..11, 7..7, and 8.
CVE-2024-30171 - Timing Attack Risk in Bouncy Castle’s Java TLS API and JSSE Provider – Explained, Exploited, and Patched
Bouncy Castle is one of the most trusted libraries for cryptographic operations in Java. Used by developers and organizations worldwide, its TLS API and JSSE
CVE-2024-2454 - Critical DoS Vulnerability in GitLab CE/EE’s Pins Endpoint - How It Works and How to Mitigate
GitLab is a favorite tool for developers worldwide, used for code collaboration and DevOps workflows. But like any popular platform, it can attract security issues.
CVE-2024-29857 - Exploiting Excessive CPU Usage in Bouncy Castle ECCurve Certificate Parsing
CVE-2024-29857 is a recently disclosed vulnerability affecting a family of cryptographic libraries known as Bouncy Castle. This issue revolves around how the libraries handle certain