Aurora Improper Input Sanitization Bugfix Review
tl;dr Force others to pay you a fee for giving them a worthless token.
Eight vulnerabilities that were discovered by nccgroup in the UNISOC bootROM. One was in the second-stage recovery mode bootloader (FDL1), five were in the bootROM recovery mode, and two were in U-Boot…
A logic bug in the Linux kernel’s route4_change() function for route filters that leads to a use-after-free (UAF). The problem has to do with how filters are added, particularly when a filter already existed on a handle and needs to be copied over to a new filter…
In responding to a static file request, the Crow HTTP framework would allocate a 16kb buffer and read the target file into it. It would then send the whole buffer to the client regardless of how many bytes were actually read.
A use-after-free vulnerability in the Crow HTTP Framework owing to the input reader being agnostic to HTTP Pipelining (sending more than one HTTP request without waiting for a response on the same connection) and asynchronous workers tracking state expecting one request per connection.
Cool research post introducing a few ModSecurity rule bypasses abusing different parser errors in the ModSecurity Core Rule Set. While those specific to ModSecurity are probably patched by now…
Three vulns that were discovered in Netlify’s Next.js lib, which is heavily used across many cryptocurrency sites due to its web3 support. With that context in mind, CIA (confidentiality, integrity, availability) is interesting with web3, as integrity is critical; the data coming from a trusted site needs to be trustworthy, as most users won’t go digging through the blockchain to verify a particular address or transaction matches.
The vulnerability as reported was closed as not a vulnerability, but it did uncover a bug in the Sanitizer API.
Two argument injections that were found in Bitbucket server, though only one of them was exploitable. The first was in the /rest/api/latest/projects/~USER/repos/repo1/browse endpoint, where an at parameter could be provided…
Just what can be accomplished when webhooks are allowed to access internal services? Cider Security takes a look, specifically at abusing GitHub and GitLab webhooks to access internally hosted Jenkins instances.