Vulnerabilities tagged "vulnerability"

lateralus (CVE-2023-32407) - a macOS TCC bypass

A classic filesystem race condition in Metal-based macOS applications that can lead to bypassing of macOS' Transparency Consent and Control privacy framework (TCC).Applications that rely on the Metal framework will look for and process the `MTL_DUMP_PIPELINES_TO_JSON_FILE` environment variable to write debugging data to as that application, even if the given filepath already exists...

[Kubernetes] Ingress nginx annotation injection causes arbitrary command execution

This vulnerability impacts kubernetes setups using NGINX as the ingress controller via [ingress-nginx]( At first I wanted to blame this one on block-listing when they should have used an allow-list, but its not quite that, but it is basically just a missed edge-case that allows for code execution.

Usurping Mastodon instances - [CVE-2023-42451]

Normalization gone wrong, Mastodon, when attempting to normalize a domain would intend to remove any trailing `/`from it, however they did this using `.delete("/")` which removes all `/` characters from the string instead of just a trailing `/`. This meant that someone could use an account like `` to spoof the account ``.