CVE-2023-4091 - How Samba’s VFS “acl_xattr” Module Let SMB Clients Wipe Read-Only Files
A serious bug was found in Samba that lets SMB clients delete (truncate) the contents of files—even if they only have read-only access! This
CVE-2023-46846 - How SQUID’s Chunked Decoder Lenience Enables HTTP Request Smuggling Attacks
In October 2023, security researchers uncovered CVE-2023-46846, a worrying vulnerability in the popular open-source proxy server, Squid. This bug lets attackers exploit lenient parsing of
CVE-2023-38473 - Dive into the Avahi avahi_alternative_host_name() Vulnerability, Exploit Details, and Code Demo
In June 2023, a new vulnerability labeled CVE-2023-38473 made its appearance in the popular Avahi codebase. If you’ve ever set up a Raspberry Pi,
CVE-2023-38472 - Exploiting the Avahi avahi_rdata_parse() Reachable Assertion Vulnerability
If you’re managing Linux systems or networked devices, you’ve probably come across Avahi. Avahi is the go-to open source implementation for Zeroconf and
CVE-2023-38470 - Reaching the Heart of Avahi - How a Simple Label Escape Weakness Exposes Your Linux Device
The CVE-2023-38470 vulnerability is a serious issue discovered in Avahi, a widely-used open-source mDNS/DNS-SD (Bonjour/Zeroconf/Apple-style device discovery) implementation. It exposes millions of