In resizing a PNG, in a textual chunk you have keywords and a text string as a value, if the keyword `profile` is used, imagemagick will try to read the associated filename (the text value for the keyword) and will load the content of the file (if it exists) into the resultant image. So in cases where a user uploaded image is resized or processed in some way by imagemagick, it may be possible to leak file content in the resulting image.
A bug was found sort of accidentally in Adreno/KGSL GPU for Android devices.The post covers a lot of background, but what's important is that userspace can map shared memory from the CPU into the GPU, and use it to pass buffers such as command buffers...
A desync between the parameter the authorization check reads, and the value the actual action reads. Leading to an attacker being able to access resources that would have been denied normally.
Some malformed hashes will "validate" with any value compared using `password_verify`. This is due to an old hack in PHP's Blowfish implementation where a malformed hash with a `$` character in the salt segment result in an early `break` and bad following logic.
A small bug in processing/validating the entries in the Merkel tree resulting in the theft of 2 million BNB ($586 Million USD at time of the original theft).
A cool bug that can inject a new user with controlled SSH key into a compute instance and the request doing this can be reached via a GET request with no anti-CSRF token.
Kinda of a cool race condition and sort of differential attack deep inside XNU's virtual memory system that allows for bypassing "copy on write" and writing to the underlying page without making a copy.
**tl;dr** Android Parcels have their own memory pool rather than being free'd all the way back to the general Java memory pool. This custom memory management, combined with a bug resulting in a dangling reference in a Parcel to an older version of the parcel creates a "use-after-free" like situation
A post by project zero on a vuln in a new library used for DER entitlements.Entitlements are Apple's fine-grained permission system and essentially define what capabilities an app or service has...
A total of either issues impacting various companies in the automotive industry, mix of issues from simple SQL injection to some interesting Single Sign On (SSO) implementation decisions.