Vulnerabilities (Page 2)

[Glovo] Integer overflow vulnerability

Funny bug in Glovo, which is a delivery platform for taking orders and dispatching deliveries. The bug is an integer overflow in the quantity parameter of the POST request for the order, which can affect the total price of the order…


Use-After-Free in Python 2.7+

Taking an unexpected reference to a memoryview object results in a use-after-free when the parent of said object is destroyed. This is a rather low-impact bug, though, because it requires control over the code being executed, so one could just write an os.system(...) call or something similar…


[PlayStation] Remote kernel heap overflow

Heap overflow in the mbuf zone in the PPPoE driver, which the PS4/PS5 borrow from NetBSD. The issue is that pppoe_send_padr() can calculate a packet length that exceeds MCLBYTES (2048 bytes)…


rubygems CVE-2022-29176 explained


Interesting but fairly simple vuln in rubygems. It’s a design flaw or logic bug in the way versioning works when yanking a gem…