This week we have some fun with some bugs that really shouldn't have passed code-review, we of course talk about Spring4Shell/SpringShell and dive into the decade long history of that bug, and a bit of discussion about triaging more subtle bugs.
Plenty of exploit strategy talk this week with vulnerabilities and complete exploits targeting a NAS, a router, and a Linux Kernel module with a page-level overflow.
Some easy vulnerabilities this week, a directory traversal due to a bad regex, a simply yet somewhat mysterious authentication bypass, arbitrary file read in GitLab thanks to archives with symlinks, and a PHP filter_var bypass.
Some unusual issues this week as we get into some speculative executive issues, and some more usual Linux and Window's kernel vulnerabilities. Also some discussion about security through obscurity and the nvidia leaks.
No spot the vuln this week, but we do have a cool kernel bug, "Dirty Pipe", a look at a stack based overflow: BrokenPrint, and finally some discussion about memory tagging.
A few interesting issues you this week, a JS race condition in some auth related code for Facebook, some fake prepared queries, and a RCE through sed commands (in pfSense)
Quick episode with four somewhat simple bugs in JPEG parsing, a remote memory disclosure in libcurl due to the difference `sizeof(long)` on Linux vs Windows, and a heap out of bounds write in the Linux Kernel.
Just one vulnerability this week, a secure boot bypass, and some research into detecting compiler introduced bugs. Ending the week with a discussion about how to learn fuzzing.
Lets talk about "sidedoors" this week, with two vulnerabilities abusing alternative access points, along with an overly verbose error message that actually had some immediate impact, and a look at the challenges of client-sided session.
This week we discuss taint analysis and where to use it compared with fuzzing, a couple buggy code patterns in Go to be on the lookout for, and another remote stack-overflow in the Kernel TIPC module.
CSRF lives again in the form of CORF, Cross-Origin Request Forgery with an attack against Grafana. We also take a look at some baby monitor issues and a de-anonymization attack against Twitter.