Escaping Parallels Desktop with Plist Injection
Two vulnerabilities in Parallels Desktop, a plist injection and a Time-of-Check Time-of-Use (TOCTOU) race.
An attack that confuses security tooling into taking an insecure action. So, what is Dependabot? If you’ve used GitHub you’ve probably seen it around…
OpenAI would provide some free credits to a user once they verified their phone number, and then, to prevent abuse, ensured phone numbers were unique. It’s a sane plan, but Checkmarx did find a way to bypass this…
Two issues came together here, the first one is the more “fun” issue in a file upload handler.
A fun little chain to get a one-click CSRF attack on a redacted domain.
This one is easy enough, missing a bounds check when handling nested messages allowed for sending a message with a bunch of nested messages that would be parsed and written out of bounds on a fixed size buffer.
A logic bug when dealing with the parsing of the .git/config file, which could be triggered via git submodules. The relevant function for the vuln here is git_config_copy_or_rename_section_in_file(), which would remove or rename configuration sections in-place in the config file…
CVE-2023-27322 - Local Privilege Escalation Through Parallels Service
Project Zero found a complex bug in the Windows kernel registry subsystem which creates type confusion situations. Windows supports the ability to rename registry keys in place, which is facilitated by the NtRenameKey() syscall…
A pretty classic string escaping bug in GhostScript. One common and buggy edge case when escaping characters in a buffer is to not properly account for escapes that happen at the very limit of the destination buffer. As was the case here: despite checking that the limit of the buffer was not reached on every iteration, when a character was found that should be escaped, it would write to the destination buffer twice, first with the escape character (0x01) and then again with an XOR’d version of the character to be escaped…