CVE-2024-36387 - WebSocket Upgrades Over HTTP/2 Cause Null Pointer Dereference and Server Crashes
In June 2024, a critical vulnerability—CVE-2024-36387—was disclosed in popular web server software. This flaw allows attackers to crash server processes by
CVE-2024-37890 - How a Simple Header Overflow Can Crash Your Node.js ws Server
If you're running a Node.js WebSocket server using the popular ws library, you might be sitting on a time bomb. The newly
CVE-2024-1657 - Insecure WebSocket in Ansible Automation Platform Lets Attackers Steal Rulebook Data
Summary:
In early 2024, a critical vulnerability (CVE-2024-1657) was identified in the Ansible Automation Platform. This issue was caused by the use of
CVE-2024-23898 - Breaking Jenkins Security – A Deep Dive into Critical CSWSH Vulnerability (with Exploit Details)
Jenkins is one of the most popular automation servers out there. Hundreds of thousands of companies rely on it to build, test, and ship their
CVE-2023-2848 - How a Missing Header Let Attackers Hijack WebSockets in Movim (Pre-.22)
In the world of open-source social networking, security can sometimes be overlooked. That happened in Movim, a decentralized social platform built on XMPP. Before