CVE-2024-40659 - Disabling AndroidKeyStore Key Generation via Faulty Attestation Key Validation
Android’s security infrastructure greatly depends on the integrity and isolation of cryptographic keys managed by the AndroidKeyStore system. However, CVE-2024-40659 has revealed a striking
CVE-2024-7341 - Exploiting Session Fixation in Keycloak SAML Adapters – A Deep Dive
In early 2024, CVE-2024-7341 was disclosed, uncovering a session fixation vulnerability in SAML adapters for Keycloak, the widely used open-source identity and access management tool.
CVE-2024-40711 - Deserialization of Untrusted Data Leads to Remote Code Execution (RCE)
In June 2024, a serious vulnerability surfaced under the identifier CVE-2024-40711. This security threat involves improper handling of untrusted serialized data, opening doors for unauthenticated
CVE-2024-45299 - Exploiting Improper JSON Escaping in alf.io's Admin Customization
alf.io is a popular open source ticket reservation system, used by organizers for events like conferences, workshops, trade shows, and meetups. It's
CVE-2024-7885 - Exploiting Undertow ProxyProtocolReadListener StringBuilder Reuse — A Hands-On Overview
In 2024, a significant vulnerability surfaced in the Undertow web server, tracked as CVE-2024-7885. The issue lies in how the ProxyProtocolReadListener class manages a StringBuilder