Category: Vulnerability

15 articles
Date Tue 25 March 2025
Author Mathieu Farrell
Category Vulnerability

A technical exploration of a trivial Local Privilege Escalation Vulnerability in CCleaner <= v1.18.30 on macOS.

Date Fri 14 February 2025
Author Loïc Buckwell
Category Vulnerability

Apple released iOS 18.3.1 (build 22D72) to patch a vulnerability tied to the Accessibility framework and reported by Citizen Lab. Let's analyze it!

Date Tue 16 January 2024
Authors Francisco Falcon, Iván Arce
Category Vulnerability

This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.

Date Tue 07 November 2023
Authors Eloïse Brocas, Damien Cauquil, Robin David, Benoît Forgette
Category Vulnerability

Part 2 of a series about participation in the Pwn2Own Toronto 2023 contest.

Date Mon 21 August 2023
Authors Sami Babigeon, Benoît Forgette
Category Vulnerability

In this blog post, we present a new vulnerability on the Gecko Bootloader from Silicon Labs more precisely inside the OTA parser.

Date Fri 31 March 2023
Authors Sébastien Rolland, Mahé Tardy
Category Vulnerability

This article provides a brief overview of how Microsoft Open Management Infrastructure (OMI) works, as well as two vulnerabilities that the Quarkslab Cloud team identified through fuzzing techniques.

Date Fri 24 March 2023
Authors Eloïse Brocas, Damien Cauquil, Robin David, Benoît Forgette
Category Vulnerability

A journey into the Pwn2Own contest. Part 1: Netgear RAX30 router WAN vulnerabilities

Date Tue 14 March 2023
Author Francisco Falcon
Category Vulnerability

In this blog post we discuss the details of two vulnerabilities we discovered in the Trusted Platform Module (TPM) 2.0 reference implementation code. These two vulnerabilities, an out-of-bounds write (CVE-2023-1017) and an out-of-bounds read (CVE-2023-1018), affected several TPM 2.0 software implementations (such as the ones used by virtualization software) as well as a number of hardware TPMs.

Date Tue 22 March 2022
Author Francisco Falcon
Category Vulnerability

In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.

Date Tue 13 April 2021
Authors Robin David, Paul Hernault, Jonathan Salwan
Category Vulnerability

This post is a quick vulnerability report summary for a vulnerability we found while fuzzing the TCP/IP stack CycloneTCP.