We frequently report and fix security-critical vulnerabilities that we find as a byproduct of our research. Some of bugs that have an explictly assigned CVE or references are listed here:
| Date | Description | Ref. |
|---|---|---|
| 2017/08/16 | Openjpeg 2.2.0 Heap Overflow (link) | CVE-2017-12878 |
| 2017/05/10 | Dropbox Lepton 1.2.1 DoS (link) | CVE-2017-8891 |
| 2016/12/13 | Windows Crypto Driver Information Disclosure Vulnerability (link) | CVE-2016-7219 (MS16-149) |
| 2016/12/13 | Windows Crypto Driver Information Disclosure Vulnerability (link) | CVE-2016-7219 (MS16-149) |
| 2016/06/09 | A heap overflow in zipimporter module (link) | CVE-2016-5636, IBB-Python #26171 |
| 2016/06/04 | tipc: a kernel infoleak (leaking up to 60 bytes) in tipc_nl_compat_link_dump (link) | CVE-2016-5243 |
| 2016/06/04 | rds: a kernel infoleak in rds_inc_info_copy (link) | CVE-2016-5244 |
| 2016/05/31 | mac80211: stack object deauth_buf in net/mac80211/mlme.c is not initialized but leaked | AndroidID-28620568 |
| 2016/05/31 | bcmdhd: many fields of stack object sinfo (drivers/net/wireless/bcmdhd/wl_cfg80211.c) are not initialized and the whole object is leaked. | AndroidID-28619338 |
| 2016/05/31 | wireless: not all fields of stack object hdr (net/wireless/util.c) are initialized before it is leaked. | AndroidID-28620324 |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_queue_core.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_log.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 |
| 2016/05/31 | netfilter: one padding byte of pmsg (net/netfilter/nfnetlink_log.c) is not initialized but leaked via nla_put | AndroidID-28672819 |
| 2016/05/31 | ipv6: some padding bytes of errhdr (net/ipv6/datagram.c) object are not initialized but leaked via put_cmsg | AndroidID-28672560 |
| 2016/05/31 | media: some fields of u_ent (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 |
| 2016/05/31 | media: some fields of pad (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 |
| 2016/05/31 | media: some fields of link (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 |
| 2016/05/17 | Kernel driver vulnerability in Eset Smart Security (link) | N/A |
| 2016/05/10 | x25: Linux kernel information leak vulnerability in x25_negotiate_facilities (link, link) | CVE-2016-4569 |
| 2016/05/10 | ASLA: Two Linux kernel information leak vulnerabilities in timer (link, link) | CVE-2016-4578 |
| 2016/05/09 | ASLA: Linux kernel information leak vulnerability in timer (link) | CVE-2016-4569 |
| 2016/05/04 | Linux kernel information leak vulnerabilityi(llc module) (link) | CVE-2016-4485 |
| 2016/05/04 | Linux kernel information leak vulnerability(netlink module) (link) | CVE-2016-4486 |
| 2016/05/04 | Linux kernel information leak vulnerability(USB module) (link) | CVE-2016-4482 |
| 2016/02/09 | Windows Elevation of Privilege Vulnerability (link) | CVE-2016-0040 (MS16-014) |
| 2016/01/27 | An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. (link) | Bug #71450, IBB-PHP #113122 |
| 2016/01/27 | An integer overflow bug in php_implode() could lead heap overflow, make crashes (link) | Bug #71449, IBB-PHP #113120 |
| 2016/01/24 | Integer overflow in wordwrap (link) | Pull request #1738, IBB-PHP #113268 |
| 2015/11/10 | Windows NDIS Elevation of Privilege Vulnerability (independently reported) (link) | CVE-2015-6098 (MS15-117) |
| 2015/11/04 | Elevation of Privilege Vulnerability in Telephony (link) | CVE-2015-6614 |
| 2015/10/16 | Voice over LTE implementations contain multiple vulnerabilities (link) | VU#943167 |
| 2015/08/10 | Integer overflow in ui/cursor.c (link) | N/A |
| 2014/12/02 | Bad casting from the BasicThebesLayer to BasicContainerLayer (link) | CVE-2014-1594 |