The core problem is an integer truncation due to a difference in the size of the `long` primitive type between Windows and Linux systems.On Linux and BSD systems, `sizeof(long)` will return 8, but on Windows this value is 4...
This is one of those cases where assumptions about state are made that can be violated.In `nft_fwd_dup_netdev_offload` when offloading a `dup` or `fwd` rule to hardware the `num_actions` value is used to index the `actions` array and incremented...
Off-by-one issue in computing the `bits_required` value. This computation was performed with a while loop, right-shifting the vlaue by 1 until it is zero, number of shifts is the number of bits needed.
There is an out-of-bounds access that comes because of a difference between parsing the huffman tables vs using the huffman tables.While parsing the table, the function ensures that each identifier can only be between 0 and 3...
I want to say the root of this issue is from trying to determine by name whether an identifier is a commit hash or a branch name.While git allows the creation of branches consisting of 40 hex characters, GitHub will reject the branch...
We touched on a similar issue last week in Zabbix where the ability to access the setup process after it was complete could lead to compromising the system. In this situation no extra trickery was necessary as it appears to have been a bad conditional allowing reentry to the setup functionality.
Multiple bugs in Carbon Black and vRealize Operations Manager, authentication bypassing through proxy trickery, server-side request forgery, credential leaking, and ultimately RCE.
A secure boot bypass by finding an issue before the boot image has been verified.
The lesson here is just don't store session data on the client and if you must, don't take shortcuts, its tough to get right in the first place.Effectively here Zabbix stored session data in the user cookies...
A few vulnerabilities here, inconsisently enforced permissions, server side request forgery with an extension blocklist, and password reset link poisoning.