CVE-2024-56128 - Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM
CVE-2024-56128 exposes a critical problem in the way Apache Kafka implemented SCRAM (Salted Challenge Response Authentication Mechanism). This vulnerability comes from Kafka not fully following
CVE-2024-49820 - Exploiting IBM Security Guardium Key Lifecycle Manager’s HTTP Strict Transport Security Flaw
On June 14, 2024, IBM published a security advisory detailing a vulnerability (CVE-2024-49820) that affects several versions of IBM Security Guardium Key Lifecycle Manager: 4.
CVE-2024-54677 - Uncontrolled Resource Consumption in Apache Tomcat Examples Web App – Technical Analysis, Code Snippet, and Exploit Details
Apache Tomcat is one of the world’s most used open-source web servers for Java. However, even trusted software like Tomcat can sometimes have dangerous
CVE-2024-50379 - Critical Apache Tomcat TOCTOU RCE via JSP Compilation on Case-Insensitive Filesystems
A major security threat (CVE-2024-50379) has been discovered in Apache Tomcat, one of the world's most widely used Java web server platforms. This
CVE-2024-50339 - How Attackers Can Hijack Any Session in GLPI Before Version 10..17
GLPI is an open-source IT asset management software popular among many organizations for tracking hardware, software, tickets, and much more. However, between versions 9.5.
Episode
00:00:00
00:00:00