We have a couple normally low-impact bugs in Solana rBPF this week netting a $200k bounty, a Python 2.7+ Use-After-Free and a PS4 and PS5 remote kernel heap overflow along with some discussion about exploitability and usability for a jailbreak.
A lot of cool little bugs this week with some solid impact, Facebook and Priceline account takeovers, F5 iControl Authentication Bypass, and a couple other logic bugs.
Just a few vulnerabilities this week, but we have some codeql discussion as its used to find several vulnerabilities in Accel-PPP VPN server, and a look at a bug submitted to Pwn2Own 2021.
Some interesting vulnerabilities this week from a Cloudflare Pages container escape chain, to hacking a bank's web application with some neat tricks to get abuse a file-write in a hardened envrionment, and even another dumb smart-contract bug.
A few vulnerabilities from a TOCTOU to an arbitrary free, and some research into using data-flow in your fuzzing.
Some straight forward bugs this week with some interesting discussion around cryptographic protocols (VMWare Workspace), XSS in the Web3 world, and whether container escapes into a low-privileged VM matter. Along with a couple just note-worthy test-cases to keep in mind while bug hunting.
We are joined by Cts for a discussion about getting into vulnerability research and some thoughts about the higher-level bug hunting process, then a look at some black-box fuzzing of MS Defender for IoT and a FUSE use-after-free.
An intresting mix of issues from crypto (Psychic Signatures), to a bad vulnerability patching service (patching log4shell), and bad logic leading to authentication bypassing and leaking sensitive keys.
A massive 11,000 byte overflow in WatchGuard, some discussion about lock-related vulnerabilities and analysis, and a look at a ChakraCore exploit dealing with all the mitigations (ASLR, DEP, CFG, ACG,CIG)
Short episode this week, looking at some relatively simple vulnerabilities ranging XSS, to leaking internal service credentials in AWS Relational Database Service by disabling validiation.