Bug Bounty7 [0-Day] CVE-2022-32816 - Apple Safari IDN URL Spoofing Vulnerability Original Write up : SSD Advisory – Apple Safari IDN URL Spoofing TL;DR Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones to confuse victims into thinking they are reach a certain site, while they are accessing another one. Vulnerability Summary A vulnerability in Apple Safari IDN handling allows attackers to perform a URL Spoofing as Safa.. 2022. 8. 7. [0-Day] CVE-2022-1638 ($5,000) - Google Chrome V8 Internationalization Heap Buffer Overflow Vulnerability Title Integer Overflow Leading to OOB Write/Heap-based Buffer Overflow in icu_71::FormattedStringBuilder::insert Summary A OOB Write/Heap-based Buffer Overflow vulnerability exists in the icu_71::FormattedStringBuilder::insert An attacker must open a arbitrary generated HTML file to exploit this vulnerability. Security Severity 8.8 High (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Test environment MacO.. 2022. 8. 7. [0-Day] CVE-2022-0517 - Mozilla VPN Privilege Escalation Vulnerability Title Mozilla VPN Privilege Escalation Vulnerability Summary A Uncontrolled Search Path Element vulnerability exists in the libcrypto-1_1-x64.dll. Attackers place arbitrarily generated openssl.cnf files in the C:\MozillaVPNBuild\SSL to exploit this vulnerability. Security Severity High Root Cause Analysis We can check the logic of loading the openssl.cnf file from the call stack above. libcrypto.. 2022. 4. 30. 이전 1 2 다음
