A number of bugs in Tailscale leading to an RCE chain.
Vulnerabilities tagged "information-disclosure"
A timing-based side-channel in the `CHECK_DATA` Device Configuration Data could allow the value of memory to be disclosed and read even when reading was disabled.
The RH850 is an automotive MCU which features SecureOnboard Communication or SecOC, which includes read protections to prevent the ability to dump the ROM over serial.After reversing the protocol with a logic analyzer, they discovered the authentication was only gated on the sync command (which is required before any other commands are acknowledged)...
Bypassing an authentication check in AWS AppSync by changing the case of a JSON key.
Oversecured pointed their code-scanning tool at discovering issues in vendor patches to the Android System APIs and found a number of places where Samsung introduces vulnerabilities.
An interesting look at an overlooked vulnerability, client-side path traversal.A client-side path traversal is when the path traversal attack lands on the client side rather than the more traditional attack against server-side files...
A long chain of issues going from blind SSRF to new-line injection to a blind Livestatus Query Language (LQL) injection to arbitrary file deletion and finally a race condition leading to authentication bypass.
An in-the-wild exploit chain was discovered that exploits three vulnerabilities in Samsung exynos devices running kernel 4.14.113. It consisted of one userland exploit in Samsung's custom clipboard provider, a kernel infoleak through their `sec_log` functionality, and finally a UAF in the Display Processing Unit (DPU) driver.
As the title says, some weird load balancers issues, core problem being that user-specific data would be cached and returned to other users.
When performing a BulkImport it is possible to provide a URL to`httpUrlToRepo` that will resolve to a repository on the local filesystem.