CVE-2024-4109 - How a Flaw in Undertow HTTP/2 Handler Can Leak Your Inflight Secrets
In May 2024, a new security issue—CVE-2024-4109—was disclosed, affecting Red Hat’s widely used web server component, Undertow. If you use WildFly, JBoss,
CVE-2024-12397 - How a Cookie Parsing Bug in Quarkus-HTTP Can Leak Secret Cookies
A high-impact security flaw, CVE-2024-12397, was found in Quarkus-HTTP, a popular foundational HTTP library used by Quarkus, the “supersonic, subatomic Java” framework. This vulnerability allows
CVE-2024-49124 - LDAP Client Remote Code Execution Vulnerability – Inside the Threat, Exploit, and Mitigation
Published: June 2024
Introduction
On June 11, 2024, CVE-2024-49124 was assigned to a serious vulnerability in multiple LDAP client libraries and implementations, where attackers can
CVE-2024-49094 - Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Explained
In June 2024, Microsoft disclosed a serious Windows vulnerability—CVE-2024-49094—affecting the Wireless Wide Area Network Service (WwanSvc). This flaw allows an attacker with limited
CVE-2024-53677 - How a Dangerous File Upload Bug in Apache Struts Can Lead to Remote Code Execution
TL;DR:
Apache Struts had a severe vulnerability (CVE-2024-53677) in its file upload logic, present from version 2.. up to (but not including) 6.4.