SharePoint Workflows are essentially a series of tasks to streamline a business process. With the clear potential for abuse, there exists an `authorizedTypes` list that will both allow and block classes...
Had a JWT, and noticed functionality to invite a user to a group and then change their privileges; these privileges were reflected in the JWT scopes. Though by modifying this edit-user request, additional scopes that were not displayed could be added, such as the `company:operations` and `company:support` scopes...
There is a use-after-free on Chrome for Android when fetching credit card details to autofill. This vulnerability does require that the victim has credit card details saved by Chrome.
Three meme vulnerabilities in Cisco Hyperflex, two unauthenticated RCEs, one unauthenticated directory traversal attack in a file upload, and two traversal attacks that were authenticated.
Archive Utility on macOS had a bug when encountering long file paths during extraction that would result in the extracted files not receiving the `com.apple.quarantine` attribute that Gatekeeper looks for.
The straightforward version is two Out-Of-Bounds accesses in reading and writing the `Driver feature set`. A guest-provided value is stored, and then used as an array index without any validation, both in `PciVirtIOWriteMM` and in `PciVirtIOReadMM`, giving relative read/write primitives.
A Use-After-Free in Android's ION Allocator, used by the kernel for DMA buffers that can be shared across user/kernel/device boundaries. The issue starts from the `DMA_BUF_IOCTL_SYNC` that is exposed by the buffer's file descriptor; this IOCTL can arbitrarily increment or decrement the reference counter for the shared buffer...
Thirteen distinct vulnerabilities in Apache Dubbo related to insecure deserialization, and an excellent look at using CodeQL to assist manual vulnerability research and attack surface discovery. A lot of the interesting points in this post are more about the discovery of new attack surface rather than in the vulnerabilities themselves.