A nice little logic error abusing an edge case between two different command flags. Curl may remove the wrong file when the `--no-clobber` and `--remove-on-error` flags are used together...
Multiple memory corruption bugs in Accel-PPP, an open-source VPN server. These bugs all follow the same basic flawed logic: a length is read from an attacker-controlled buffer, and then that length of data is copied from the buffer into an awaiting structure...
Memory corruption, but only a denial of service comes out of it: a user-defined size is read and used in a calculation of the number of bytes left to read. This can potentially lead to a buffer overflow, but only writing into unmapped memory rather than corrupting any useful targets.
Two integer overflows discovered in the NetUSB.ko kernel module for doing USB over IP. Both were in the `SoftwareBus_dispatchNormalEPMsgOut` function, which seems to be a dispatch routine of sorts for user-received data.
Two fundamental issues allowing for XSS in Ruby on Rails (RoR) applications. As RoR is just a framework, these all depend on an application using the framework in a way that exposes these vulnerabilities.
Seems like a case of a generic endpoint being implemented to update any field provided, without consideration of other restrictions on said field. In this case we have a `PATCH /api/v2.0/accounts/` endpoint which ultimately takes in a dictionary containing field/value pairs to be updated for the account id...
This starts off in a pretty straight-forward way with an arbitrary file upload vulnerability, but also includes a bit of discussion about exploiting it in a more hardened environment which had some interesting insight.
Five vulnerabilities in Cloudflare Pages across 3 blog posts. Three vulns are command injection, one is a container escape, and one is a lack of access control.
An access control issue in a fallback price oracle contract. Under normal circumstances, Aave V3 will try to use the Chainlink oracle for getting price information...
Memory corruption issue in CLFS. The issue comes down to the parsing of log blocks when loading log files from disk.