Had a JWT, and noticed functionality to invite a user to a group and then change their privileges; these privileges were reflected in the JWT scopes. Through modification of this edit user request, additional scopes that were not displayed could be added, such as the company:operations and company:support scopes…
Bit of a saga starting with a patch to Apache httpd earlier this year that introduced an old vulnerability back into the Apache when encountering
There is a use-after-free on Chrome for Android when fetching credit card details to autofill. This vulnerability does require the victim to have credit card details saved by Chrome.
First a bit of background terminology as I understand it. Not being familiar with v8 there are likely some subtleties I am missing.
Root cause here is an XSS in the “My Flow” feature resulting in client-side code execution.
Three more OAuth flow vulnerabilities
Three meme vulnerabilities in Cisco Hyperflex, two unauthenticated RCEs, one unauthenticated directory traversal attack in a file upload, and two traversal attacks that were authenticated.
Archive Utility on macOS had a bug when encountering long file paths during extraction that would result in the extracted files not receiving the com.apple.quarantine attribute that Gatekeeper looks for.
Straightforward version is two Out-Of-Bounds accesses in reading and writing the Driver feature set. A guest-provided value is stored, and then used as an array index without any validation both in PciVirtIOWriteMM and in PciVirtIOReadMM, giving relative read/write primitives.
A Use-After-Free in Android’s ION Allocator used by the kernel for DMA buffers that can be shared across user/kernel/device boundaries. The issue starts from the DMA_BUF_IOCTL_SYNC that is exposed by the buffer’s file descriptor; this IOCTL can arbitrarily increment or decrement the reference counter for the shared buffer…