CVE-2024-49817 - Weak Credential Storage in IBM Security Guardium Key Lifecycle Manager (4.1 – 4.2.1) Explored
In June 2024, a new security issue surfaced impacting IBM Security Guardium Key Lifecycle Manager (SKLM) versions 4.1, 4.1.1, 4.2., and
CVE-2024-50379 - Critical Apache Tomcat TOCTOU RCE via JSP Compilation on Case-Insensitive Filesystems
A major security threat (CVE-2024-50379) has been discovered in Apache Tomcat, one of the world's most widely used Java web server platforms. This
CVE-2024-49147 - Microsoft Update Catalog Deserialization Vulnerability – How Attackers Can Elevate Privileges (With Code Example)
Summary: In June 2024, CVE-2024-49147 exposed a serious vulnerability in the Microsoft Update Catalog website (https://www.catalog.update.microsoft.com/). The root culprit?
CVE-2024-21574 - How POST Requests to `/customnode/install` Enable Remote Code Execution in Custom Node Extensions
CVE-2024-21574 is a critical vulnerability that left many servers running custom node extensions open to Remote Code Execution (RCE). This post will walk you through
CVE-2024-49132 - Windows Remote Desktop Services Remote Code Execution Vulnerability Explained
In early June 2024, cybersecurity experts discovered a critical vulnerability in Microsoft’s Remote Desktop Services (RDS) identified as CVE-2024-49132. This flaw enables remote attackers