CVE-2024-10977 - How Attacker-Controlled Error Messages in PostgreSQL Client Libraries Can Risk Your Data
PostgreSQL is one of the world’s most popular and trusted database systems, supporting mission-critical apps for millions. But even PostgreSQL isn’t immune to
CVE-2024-10976 - Risks of Incomplete Row Security Tracking in PostgreSQL Through Query Plan Reuse
Summary:
CVE-2024-10976 is a newly-identified vulnerability in PostgreSQL that can let a user bypass row-level security (RLS) and access or modify rows that should be
CVE-2022-31671 - How Harbor’s Weak Log Permissions Expose Your Job Logs
In today’s world, container registries like VMware Harbor are the backbone of cloud-native development. Harbor is valued for its security features, but even the
CVE-2022-31667 - How to Exploit Harbor's Robot Account Permission Bypass
> Exclusive Long Read: Understand and Exploit a Subtle but Serious Harbor Security Bug
What is Harbor?
Harbor is an open-source registry for storing, signing,
CVE-2023-34049 - How Predictable Script Paths in Salt-SSH Can Be Exploited for Privilege Escalation
Published: June 2024
Introduction
Recently, a severe vulnerability—CVE-2023-34049—was found in Salt Project’s Salt-SSH tool. This security flaw is serious because attackers who