security research, vulnerability, git, github, advisory — 15 January 2021
Attack of the clones 2: Git CLI remote code execution strikes back
Introduction
This post is the second part of the story of a vulnerability that could be leveraged as a supply chain attack and used to hack millions of software developers around the world. We will describe all details about CVE-2020-26233,...

security research, vulnerability, git, github — 05 November 2020
Attack of the clones: Git clients remote code execution
Introduction
This post is a rather unusual story of a vulnerability that could be leveraged as a supply chain attack and used to attack millions of software developers around the world. It is also a tale of a bug collision...

security research, advisory, vulnerability, mattermost — 20 July 2020
Security advisory: Mattermost Mobile for iOS v1.31.0 Authentication Token Leakage and Account Takeover
Advisory information
Title: Mattermost Mobile for iOS Authentication Token Leakage and Account Takeover
Advisory reference: BLAZE-05-2020
Product: Mattermost Mobile Client for iOS v1.31.0 (Build 293)
CVE reference: CVE-2020-13891
Vendor reference: MMSA-2020-0022
Disclosure mode: Coordinated disclosure
Product description
Mattermost...

security research, advisory, vulnerability, privilege escalation — 22 June 2020
Security advisory: Mullvad VPN client for Windows 2020.3 local privilege escalation
Advisory information
Title: Mullvad VPN client for Windows 2020.3 local privilege escalation
Advisory reference: BLAZE-03-2020
Product: Mullvad 2020.3 for Windows
CVE reference: CVE-2020-14197
Disclosure mode: Coordinated
Product description
Mullvad is a Sweden-based VPN provider with a strong focus...

security research, advisory, i2p, vulnerability, privilege escalation — 29 May 2020
Security advisory: i2p for Windows local privilege escalation
Advisory information
Title: i2p for Windows local privilege escalation
Advisory reference: BLAZE-02-2020
Product: i2p 0.7.5 to 0.9.45 for Windows
CVE reference: CVE-2020-13431
Disclosure mode: Coordinated
Product description
i2p (The Invisible Internet Project) is an anonymous network,...