CVE-2024-36138 - Bypass Incomplete Fix of CVE-2024-27980: A Deep Dive into Improper Handling of Batch Files in Windows via child_process.spawn / child_process.spawnSync
In this post, we will discuss a recently found vulnerability, CVE-2024-36138, which bypasses the incomplete fix of CVE-2024-27980. This vulnerability arises from improper handling of
CVE-2024-34156 - Stack exhaustion vulnerability in GoLang's Decoder.Decode with deeply nested structures: A follow-up to CVE-2022-30635
In this post, we'll be discussing a newly discovered vulnerability in the GoLang programming language's Decoder.Decode function (CVE-2024-34156) that has
CVE-2024-45299: Alf.io Ticket Reservation System Preloaded Data Vulnerability Fixed in Version 2.-M5
Alf.io is an open-source ticket reservation system designed to simplify event management for conferences, trade shows, workshops, and meetups. However, in versions prior to
Understanding CVE-2024-43102: An In-Depth Look into the Vulnerability That Could Result in Kernel Panic, Code Execution, and Capsicum Sandbox Escape
In this post, we delve deep into the details of the security vulnerability CVE-2024-43102, which lies in the concurrent removal of certain anonymous shared memory
CVE-2024-45002: Fixing rtla/osnoise NULL Dereference Vulnerability in the Linux Kernel
Recently, a critical vulnerability in the Linux kernel was discovered and resolved. Referred to as CVE-2024-45002, this vulnerability lies within the rtla/osnoise component, and