CVE-2024-49147 - Microsoft Update Catalog Deserialization Vulnerability – How Attackers Can Elevate Privileges (With Code Example)
---
Summary:
In June 2024, CVE-2024-49147 exposed a serious vulnerability in the Microsoft Update Catalog website (https://www.catalog.update.microsoft.com/). The root culprit?
CVE-2024-4109 - How a Flaw in Undertow HTTP/2 Handler Can Leak Your Inflight Secrets
In May 2024, a new security issue, CVE-2024-4109, was disclosed, affecting Red Hat’s widely used web server component, Undertow. If you use WildFly, JBoss,
CVE-2024-12397 - How a Cookie Parsing Bug in Quarkus-HTTP Can Leak Secret Cookies
A high-impact security flaw, CVE-2024-12397, was found in Quarkus-HTTP, a popular foundational HTTP library used by Quarkus, the “supersonic, subatomic Java” framework. This vulnerability allows
CVE-2024-49124 - LDAP Client Remote Code Execution Vulnerability – Inside the Threat, Exploit, and Mitigation
Published: June 2024
Introduction
On June 11, 2024, CVE-2024-49124 was assigned to a serious vulnerability in multiple LDAP client libraries and implementations, where attackers can
CVE-2024-49094 - Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Explained
In June 2024, Microsoft disclosed a serious Windows vulnerability—CVE-2024-49094—affecting the Wireless Wide Area Network Service (WwanSvc). This flaw allows an attacker with limited