Two integer overflows discovered in the NetUSB.ko kernel module for doing USB over IP. Both were in the SoftwareBus_dispatchNormalEPMsgOut function, which seems to be a dispatch routine of sorts for user-received data.
Two fundamental issues allowing for XSS in Ruby on Rails (RoR) applications. As RoR is just a framework, these all depend on an application using the framework in a way that exposes these vulnerabilities.
Seems like a case of a generic endpoint being implemented to update any field provided without consideration of other restrictions on said field. In this case we have a PATCH /api/v2.0/accounts/<account_id> endpoint which ultimately takes in a dictionary containing field/value pairs to be updated for the account id…
This starts off in a pretty straightforward way with an arbitrary file upload vulnerability, but also includes a bit of discussion about exploiting it in a more hardened environment, which had some interesting insight.
Five vulnerabilities in Cloudflare Pages across 3 blog posts. Three vulns are command injection, one is a container escape, and one is a lack of access control.
An access control issue in a fallback price oracle contract. Under normal circumstances, Aave V3 will try to use the Chainlink oracle for getting price information…
Memory corruption issue in CLFS. The issue comes down to the parsing of log blocks when loading log files from disk.
Blogpost by Microsoft that details a few vulnerabilities in the networkd-dispatcher component in systemd which can be chained for LPE. When looking at the code flow, they noticed it would register a signal receiver on the system bus, and the handler would receive a state path followed by some data…
An uninitialized pointer is freed by providing a malformed IOCA file with a size_Y of zero. What happens normally is that there is an initialization routine that iterates from size_Y to 0…
By hiding a cross-site-scripting attack in the profile update functionality, specifically the profile image. Judging from the payload it looks like a straightforward unescaped input that gets reflected on profile pages, though they did need to contend with Cloudflare’s WAF…