5832 matches found
A Bootiful Podcast: Thomas Vitale, author of Cloud Native Spring in Action
Hi, Spring fans! In today's episode I'm thrilled to sit down with my friend and Cloud Native Spring in Action author Thomas Vitale. This episode was recorded live at the amazing Spring IO 2024 event...
Rootstock Labs: Crafted smart contract can take ~23 seconds to execute due to immense error string construction
The crafted smart contract can take approximately 23 seconds to execute due to the immense error string construction. The vulnerability was caused by the native contract's implementation, which constructed the entirety of the input message as a hex string for logging and throwing an exception. Th...
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious...
A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google
Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and Google...
Apache Submarine SQL Injection Vulnerability
Apache Submarine is a cloud-native machine learning platform from the Apache USA Foundation. An SQL injection vulnerability exists in Apache Submarine Server Core, which stems from improper neutralization of the particular element used...
Identify sessions connected via Native Workspace App versus Receiver for Web (Browser)
Identify the sessions which are connected via Native Workspace App versus Receiver for Web Browser...
CVE-2024-31959
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution...
CVE-2024-31958
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in an Out-of-Bounds Write...
Fedora: Security Advisory for qt6-qtwebview (FEDORA-2024-bfb8617ba3)
The remote host is missing an update for the...
Samsung Mobile Processor Security Vulnerability
Samsung Mobile Processor is a family of mobile processors from the South Korean company Samsung. A security vulnerability exists in Samsung Mobile Processor that stems from a lack of checks for native handle validation, which could lead to code execution...
Samsung Mobile Processor Security Vulnerability
Samsung Mobile Processor is a family of mobile processors from the South Korean company Samsung. A security vulnerability exists in Samsung Mobile Processor that stems from a lack of checks for native handle validation, which could lead to out-of-bounds writes...
CVE-2024-31959
Summary: CVE-2024-31959 affects Samsung Mobile Processor Exynos 2200, Exynos 1480, and Exynos 2400. The root cause is a missing validation check for native handles, which can enable code execution. The CVSS data in the provided documents indicate a high severity impact with local attack vector an...
PT-2024-24320 · Samsung · Exynos 2200 +2
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 2200, 1480, 2400. Description: An issue was discovered in Samsung Mobile Processor Exynos, where it lacks a check for the validation of native handles, which can result in code execution. Recommendation...
CVE-2024-31958
CVE-2024-31958 affects Samsung Mobile Processor Exynos families 2200, 1480, and 2400. The issue is a lack of validation for native handles, which can lead to an Out-of-Bounds Write. Documents consistently describe the affected components and the root cause but do not provide concrete exploit deta...
BIT-ENVOY-2024-32974 Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in EnvoyQuicServerStream::OnInitialHeadersComplete with the following call stack. It is a use-after-free caused by QUICHE continuing to push request headers after StopReading is called on the stream. As after StopReadin...
BIT-ENVOY-2024-32976 Envoy can enter an endless loop while decompressing Brotli data with extra input
Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input...
BIT-ENVOY-2024-34362 Envoy affected by a crash (use-after-free) in EnvoyQuicServerStream
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in HttpConnectionManager (HCM) with EnvoyQuicServerStream that can crash Envoy. An attacker can exploit this vulnerability by sending a request without FIN, then a RESET_STREAM frame, and then after receiving the...
BIT-ENVOY-2024-34363 Envoy can crash due to uncaught nlohmann JSON exception
Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash...