CVE-2024-37302 - Synapse Homeserver Disk Fill Vulnerability Explained — How Attackers Could Deny Your Matrix Service
In June 2024, a new critical vulnerability was discovered in Synapse, the popular open-source Matrix homeserver. Tagged as CVE-2024-37302, this bug gives attackers a free
CVE-2024-53566 - Path Traversal in Sangoma Asterisk action_listcategories() (v22 through v22..-pre1) Explained
Summary:
In June 2024, a vulnerability (CVE-2024-53566) was found in the popular Sangoma Asterisk PBX (private branch exchange) software, specifically in several v22 releases including
CVE-2024-53259 - Off-Path ICMP Injection Attack Disrupts quic-go QUIC Connections
Published June 2024
The open-source project quic-go—an implementation of the QUIC protocol written in Go—was recently found to have a critical vulnerability (CVE-2024-53259)
CVE-2024-53990 - Critical Cookie Handling Flaw in AsyncHttpClient (AHC) Exposes User Data
A highly critical vulnerability, CVE-2024-53990, has been discovered in the popular Java HTTP networking library AsyncHttpClient (AHC). This bug can cause the library to silently
CVE-2024-53862 - Critical Argo Workflows Archive Exposure—How a Missing Auth Check Led to Leaked Archived Workflows
Argo Workflows has become the go-to workflow engine for orchestrating jobs on Kubernetes clusters. But in mid-2024, a severe vulnerability (CVE-2024-53862) was discovered that put