Leaving out many of the specifics about how Azure Sphere devices work.Under normal circumstances it appears that you shoudl neither be able to downgrade a devices firmware, nor install any firmware without providing the Microsoft-signed manifest beforehand...
Out of bounds access in the `GPIO_SET_PIN_CONFIG_IOCTL` leading to information disclosure.When parsing the `lineoffsets` field from the `gpiopin_request` object, there's no bounds checking on it before it's used as an index into an array of descriptions to get a `desc` pointer...
Even if a Shopify blog was private and required a password the post titles and preview of content would be published in the globally accessible atom feed
Stark Bank maintains two libraries "starkbank-ecdsa" one for Python and one for Node which insecurely implement the ECDSA signature verification method. The issue stems from two problems:
Great little bug taking advantage of the ability to manage GSuite users directly from within `domains.google.com` by trusted the Gsuite organization name and ID from the user request. By changing out the organization's domain and id (does require knowing the target organization numeric id) in the requests `domains.google.com` makes when adding a new user, the user will be added to the new domain rather than to the one you actually own.
A relatively trivial heap overflow in the Transparent Inter-Process Communication (TIPC) module of the kernel.The `crypto_key_rcv` function in the driver takes a received packet and parses it for key data...
Multiple vulnerabilities in the Trusted Application, `tzdemuxerservice` used by Samsung Smart TVs, five of the six issues have the same root cause.When a "normal world" application is calling into the "trusted execution environment" (TEE) the parameters can be passed as either by value or by reference...
Gerbv uses a fixed size array to store `gerbv_aperture_t` structures but is indexed by an unrestricted integer providing an out-of-bounds read and write. This array is indexed through an attacker controlled value `tool_num`, while the value is checked against the MIN and MAX values for the array, being out-of-bounds only results in an error message.
Heap overflow in the AMD GPU driver's debugfs write handler for display port test patterns.The driver allocates a 100 byte write buffer to copy data into, but uses the debugfs handler's size parameter for the actual copy...
StreamLabs would normally only redirect to a set of whitelisted domains approved to recieve the `access_token`.The author here put some effort into discovering what domains were approved, and found `http://dragynslair.live` was whitelisted, but no longer registered...