[Chrome] Cross-Site Scripting in New-Tab Page [CVE-2021-37999]
The Chrome New Tab Page was vulnerable to a stored cross-site scripting attack in the search suggestion box.
Always a fun issue to see: the root cause is that a user-mode callback during a ResetDC (Reset Device Context) can unexpectedly tamper with device context data that the kernel assumes will remain stable.
A privilege escalation to root in PHP FPM from a worker process, where the attacker already has arbitrary memory read/write and has escaped the PHP sandbox.
Android’s NFC stack uses TCBs, assumed to stand for “task control blocks”, which are used to track tasks that come from the NFC controller. The NFC specification supports a variety of formats for different types of NFC tags, and this tag type has to be tracked in the control block…
When purchasing coins for Reddit on Android there is a call to a /verify_purchase endpoint which is vulnerable to a race condition. The idea is that this endpoint, given some of the transaction information, validates it and grants the coins to the purchaser; however, there is a problem when handling multiple concurrent requests to the endpoint…
An unauthenticated file read in GoCD’s Business Continuity Addon (installed and enabled by default) due to a change in configuration that exposed the add-on to unauthenticated users.
Mermaid is a markdown-like syntax for generating flowcharts and is supported by GitLab’s markdown parser. The Mermaid parser itself can be provided various configuration options at initialization time, and then some of those can be overridden by inline directives…
Discourse exposes a webhook that takes a user-provided “subscribe URL” and passes it into open() unsanitized. Because Discourse is written in Ruby, it’s possible to get command execution via the subscribe URL by way of the pipeline operator…
Bit of a logic bug/abuse resulting in the ability to write files with semi-controlled content into any directory regardless of privileges. Under normal circumstances, when a suid binary crashes it is considered non-dumpable; more generally, when a process’s real and effective user or group ids differ, it will not be dumped.
There is an out-of-bounds access that occurs by causing Squirrel to look up a method in the array of class fields.