CVE-2024-38255 - Breaking Down the SQL Server Native Client Remote Code Execution Vulnerability
On June 2024 Patch Tuesday, Microsoft released a critical security advisory for a new vulnerability in SQL Server Native Client, tracked as CVE-2024-38255. This remote
CVE-2024-50330 - SQL Injection in Ivanti Endpoint Manager Leads to Remote Code Execution
In June 2024, a critical vulnerability was disclosed in Ivanti Endpoint Manager (EPM)—previously known as LANDESK Management Suite. Tracked as CVE-2024-50330, this flaw exposes
CVE-2024-10947 - Critical SQL Injection in Guangzhou Tuchuang Interlib Library Cluster Automation Management System (≤2..1)
A critical vulnerability, known as CVE-2024-10947, was discovered in the Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to version 2.
CVE-2024-31880 - Understanding and Exploiting the IBM Db2 Denial of Service Vulnerability
In June 2024, a new vulnerability—CVE-2024-31880—was publicly disclosed for IBM Db2 for Linux, UNIX, and Windows (including Db2 Connect Server), affecting versions 10.
CVE-2024-9264 - Grafana’s Experimental SQL Expressions Let Attackers Inject Code with `duckdb`
Grafana is one of the most popular open-source analytics and monitoring tools out there. But sometimes, new features can bring new risks – and CVE-2024-9264 proves