A heap overflow that was found in-the-wild by Google's Threat Analysis Group (TAG) in Chrome. This bug was in the texture subsystem for webGL GLES with textures created from a shared image, which bypasses the texture manager's tracking of the `max_levels` for mipmaps.
Starts off with an exposed activity in the KAYAK app, ends up with session hijacking.
BBCode XSS chained with an admin panel SQL injection for potential for code execution.
Multiple vulnerabilities were announced in Git, the most interesting to me though are the integer overflows in parsing `.gitattributes` leading to out-of-bounds reads and writes.
Cool, yet simple finding from the DataDog security team where calls to an undocument `iamadmin` service would also not appear in CloudTrail logs but could reproduce the functionality of several standard IAM service methods.
Two vulnerabilities, the first an insecure activity is exposed that allows other applications to automatically install any application on the Galaxy Store, the secondis a filter bypass which can lead to navigating the CloudGame webview to an untrusted domain.
An IDOR style issue allowing access to the data plane of a Azure Cognitive Search instance even if that instance was isolated from the internet.
Kinda of a cool race condition and sort of differential attack deep inside XNU's virtual memory system that allows for bypassing "copy on write" and writing to the underlying page without making a copy.
A trivial out of bounds access in the iPod nano 3rd-5th generation's USB stack in the bootROM.The `USB::HandlePendingSetup()` handler for SETUP packets would accept a request and dispatch it to different sub-handlers based on the `bmRequestType`...
Some funny vulns in an undisclosed forum's "teams" feature where users could create their own teams and request to join others as different roles.Users could request to join a team as any non-admin role, and a team admin could accept the request...