We frequently report and fix security-critical vulnerabilities that we find as a byproduct of our research. Some of bugs that have an explictly assigned CVE or references are listed here:
| Date | Description | Ref. | Lead |
|---|---|---|---|
| 2024/04/09 | Heap buffer-overflow in sdhci_read_dataport() of QEMU (link) | CVE-2024-3447 | Chuhong Yuan |
| 2023/09/20 | Bad-free error in FastDDS while handling malformed packet (link) | CVE-2023-42459 | Seulbae Kim |
| 2023/09/10 | Buffer overflow in esp_do_nodma() of QEMU (link) | CVE-2024-24474 | Chuhong Yuan |
| 2023/09/10 | Division by zero in scsi_disk_reset() of QEMU (link) | CVE-2023-42467 | Chuhong Yuan |
| 2023/08/14 | Null pointer dereference in nvme_directive_receive() of QEMU (link) | CVE-2023-40360 | Chuhong Yuan |
| 2023/08/11 | Heap out-of-bound reads and writes in FastDDS (link, link) | CVE-2023-39946, CVE-2023-39947 | Seulbae Kim |
| 2023/08/11 | Malformed packets remotely raise unhandled exceptions in Fast DDS (link, link) | CVE-2023-39945, CVE-2023-39948 | Seulbae Kim |
| 2023/08/11 | Malformed packet remotely triggers multiple assertion failures in Fast DDS (link, link) | CVE-2023-39534, CVE-2023-39949 | Seulbae Kim |
| 2023/07/21 | Improper input validation leads to remotely triggered crash in OpenDDS (link) | CVE-2023-37915 | Seulbae Kim |
| 2023/01/31 | Heap overflow in OpenDDS while handling malformed packets (link) | CVE-2023-23292 | Seulbae Kim |
| 2021/03/28 | Double free in Vec::from_iter specialization when drop panics (link) | CVE-2021-31162 | Yechan Bae |
| 2021/03/07 | 'merge_sort::merge()' crashes with double-free for `T: Drop` (link) | CVE-2021-31996 | Rudra project members |
| 2021/03/03 | Intern | CVE-2021-28037 | Rudra project members |
| 2021/03/01 | split_at allows obtaining multiple mutable references to the same data (link) | CVE-2021-28032 | Rudra project members |
| 2021/03/01 | Deserializing an array can drop uninitialized memory on panic (link) | CVE-2021-28033 | Rudra project members |
| 2021/02/26 | Multiple functions can cause double-frees (link) | CVE-2021-30455, CVE-2021-30456, CVE-2021-30457 | Rudra project members |
| 2021/02/24 | swap_index can write out of bounds and return uninitialized memory (link) | CVE-2021-29941, CVE-2021-29942 | Rudra project members |
| 2021/02/22 | push_cloned can drop uninitialized memory or double free on panic (link) | CVE-2021-28034, CVE-2021-28035 | Rudra project members |
| 2021/02/19 | Multiple memory safety issues in insert_row (link) | CVE-2021-28028, CVE-2021-28029 | Rudra project members |
| 2021/02/19 | SliceDeque::drain_filter can double drop an element if the predicate panics (link) | CVE-2021-29938 | Rudra project members |
| 2021/02/19 | StackVec::extend can write out of bounds when size_hint is incorrect (link) | CVE-2021-29939 | Rudra project members |
| 2021/02/18 | Zip can cause buffer overflow when a consumed Zip iterator is used again (link) | CVE-2021-28879 | Yechan Bae |
| 2021/02/18 | move_elements can double-free objects on panic (link) | CVE-2021-28031 | Rudra project members |
| 2021/02/18 | `through` and `through_and` causes a double free if the map function panics (link) | CVE-2021-29940 | Rudra project members |
| 2021/02/17 | misc::vec_with_size() can drop uninitialized memory if clone panics (link) | CVE-2021-29937 | Rudra project members |
| 2021/02/17 | PartialReader passes uninitialized memory to user-provided Read (link) | CVE-2021-29934 | Rudra project members |
| 2021/02/17 | Tape::take_bytes exposes uninitialized memory to a user-provided Read (link) | CVE-2021-28030 | Rudra project members |
| 2021/02/09 | Use after free possible in `uri::Formatter` on panic (link) | CVE-2021-29935 | Rudra project members |
| 2021/02/04 | Panic safety issue in Zip specialization (link) | CVE-2021-28876 | Yechan Bae |
| 2021/02/03 | insert_slice_clone can double drop if Clone panics. (link) | CVE-2021-26954 | Rudra project members |
| 2021/01/31 | KeyValueReader passes uninitialized memory to Read instance (link) | CVE-2021-30454 | Rudra project members |
| 2021/01/30 | `Read` on uninitialized buffer may cause UB (`impl Walue for Vec | CVE-2021-26953 | Rudra project members |
| 2021/01/26 | `IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB (link) | CVE-2021-26952 | Rudra project members |
| 2021/01/26 | Record::read : Custom `Read` on uninitialized buffer may cause UB (link) | CVE-2021-26308 | Rudra project members |
| 2021/01/26 | insert_many can drop elements twice on panic (link) | CVE-2021-29933 | Rudra project members |
| 2021/01/12 | panic safety: double drop or uninitialized drop of T upon panic (link) | CVE-2021-29930, CVE-2021-29931 | Rudra project members |
| 2021/01/12 | panic safety: double drop may happen within `util::{mutate, mutate2}` (link) | CVE-2021-25907 | Rudra project members |
| 2021/01/11 | FromIterator implementation for Vector/Matrix can drop uninitialized memory (link) | CVE-2021-29936 | Rudra project members |
| 2021/01/10 | Logic bug in Read can cause buffer overflow in read_to_end() (link) | CVE-2021-28875 | Rudra project members |
| 2021/01/10 | Double drop upon panic in 'fn map_array()' (link) | CVE-2021-25902 | Rudra project members |
| 2021/01/10 | panic safety issue in `impl TransformContent | CVE-2021-25906 | Rudra project members |
| 2021/01/08 | Buffer overflow in SmallVec::insert_many (link) | CVE-2021-25900 | Rudra project members |
| 2021/01/07 | Loading a bgzip block can write out of bounds if size overflows. (link) | CVE-2021-28027 | Rudra project members |
| 2021/01/07 | `Frame::copy_from_raw_parts` can lead to segfault without `unsafe` (link) | CVE-2021-25904 | Rudra project members |
| 2021/01/06 | `Sectors::get` accesses unclaimed/uninitialized memory (link) | CVE-2021-26951 | Rudra project members |
| 2021/01/04 | panic in user-provided `Endian` impl triggers double drop of T (link) | CVE-2021-29929 | Rudra project members |
| 2021/01/04 | EventList's From | CVE-2021-25908 | Rudra project members |
| 2021/01/02 | Reading uninitialized memory can cause UB (`Deserializer::read_vec`) (link) | CVE-2021-26305 | Rudra project members |
| 2021/01/02 | reading on uninitialized buffer can cause UB (`impl | CVE-2021-25905 | Rudra project members |
| 2020/12/31 | `impl Random` on arrays can lead to dropping uninitialized memory (link) | CVE-2020-36210 | Rudra project members |
| 2020/12/31 | `FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory (link) | CVE-2020-36452 | Rudra project members |
| 2020/12/25 | Queues allow non-Send types to be sent to other threads, allowing data races (link) | CVE-2020-36463 | Rudra project members |
| 2020/12/23 | API soundness issue in join() implementation of [Borrow | CVE-2020-36323 | Rudra project members |
| 2020/12/22 | `Demuxer` can carry non-Send types across thread boundaries (link) | CVE-2020-36220 | Rudra project members |
| 2020/12/22 | conquer-once's OnceCell lacks Send bound for its Sync trait. (link) | CVE-2020-36208 | Rudra project members |
| 2020/12/21 | Update unsound DrainFilter and RString::retain (link) | CVE-2020-36212, CVE-2020-36213 | Rudra project members |
| 2020/12/20 | Soundness issue: Input | CVE-2020-36216 | Rudra project members |
| 2020/12/19 | Queues allow non-Send types to be sent to other threads, allowing data races (link) | CVE-2020-36214 | Rudra project members |
| 2020/12/18 | UsbContext trait did not require implementers to be Send and Sync. (link) | CVE-2020-36206 | Rudra project members |
| 2020/12/18 | ButtplugFutureStateShared allows data race to (!Send|!Sync) objects (link) | CVE-2020-36218 | Rudra project members |
| 2020/12/18 | ImmediateIO and TransactionalIO can cause data races (link) | CVE-2020-36472 | Rudra project members |
| 2020/12/18 | SyncRef's clone() and debug() allow data races (link) | CVE-2020-36447 | Rudra project members |
| 2020/12/18 | ShmWriter allows sending non-Send type across threads (link) | CVE-2020-36449 | Rudra project members |
| 2020/12/17 | RingBuffer can create multiple mutable references and cause data races (link) | CVE-2020-36470 | Rudra project members |
| 2020/12/10 | Aovec | CVE-2020-36207 | Rudra project members |
| 2020/12/10 | Soundness issue with base::Error (link) | CVE-2020-36205 | Rudra project members |
| 2020/12/10 | Multiple soundness issues in `Ptr` (link) | CVE-2020-36466, CVE-2020-36467, CVE-2020-36468 | Rudra project members |
| 2020/12/10 | MvccRwLock allows data races & aliasing violations (link) | CVE-2020-36461 | Rudra project members |
| 2020/12/09 | Dangling reference in `access::Map` with Constant (link) | CVE-2020-35711 | Rudra project members |
| 2020/12/09 | dces' World type can cause data races (link) | CVE-2020-36459 | Rudra project members |
| 2020/12/08 | ImageChunkMut needs bounds on its Send and Sync traits (link) | CVE-2020-36211 | Rudra project members |
| 2020/12/08 | Thex | CVE-2020-35927 | Rudra project members |
| 2020/12/08 | ArcGuard's Send and Sync should have bounds on RC (link) | CVE-2020-36444 | Rudra project members |
| 2020/12/08 | Future | CVE-2020-36438 | Rudra project members |
| 2020/12/01 | Unsound: can make `ARefss` contain a !Send, !Sync object. (link) | CVE-2020-36203 | Rudra project members |
| 2020/11/29 | MPMCConsumer/Producer allows sending non-Send type across threads (link) | CVE-2020-35925 | Rudra project members |
| 2020/11/29 | Send bound needed on T (for Send impl of `Bucket2`) (link) | CVE-2020-36462 | Rudra project members |
| 2020/11/24 | QueueSender | CVE-2020-36437 | Rudra project members |
| 2020/11/24 | Cache | CVE-2020-36448 | Rudra project members |
| 2020/11/24 | convec::ConVec | CVE-2020-36445 | Rudra project members |
| 2020/11/17 | TryMutex | CVE-2020-35924 | Rudra project members |
| 2020/11/17 | Slock | CVE-2020-36455 | Rudra project members |
| 2020/11/17 | ReadTicket and WriteTicket should only be sendable when T is Send (link) | CVE-2020-36439 | Rudra project members |
| 2020/11/16 | Singleton lacks bounds on Send and Sync. (link) | CVE-2020-36435 | Rudra project members |
| 2020/11/16 | Generators can cause data races if non-Send types are used in their generator functions (link) | CVE-2020-36471 | Rudra project members |
| 2020/11/15 | Queue | CVE-2020-36453 | Rudra project members |
| 2020/11/15 | SyncChannel | CVE-2020-36446 | Rudra project members |
| 2020/11/15 | CopyCell lacks bounds on its Send trait allowing for data races (link) | CVE-2020-36456 | Rudra project members |
| 2020/11/15 | PinSlab | CVE-2020-36436 | Rudra project members |
| 2020/11/15 | Data race and memory safety issue in `Index` (link) | CVE-2020-36469 | Rudra project members |
| 2020/11/14 | Send/Sync bound needed on T for Send/Sync impl of RcuCell | CVE-2020-36451 | Rudra project members |
| 2020/11/14 | `LockWeak | CVE-2020-36454 | Rudra project members |
| 2020/11/13 | Send/Sync bound needed on V in `impl Send/Sync for ARCache | CVE-2020-35928 | Rudra project members |
| 2020/11/12 | Bunch | CVE-2020-36450 | Rudra project members |
| 2020/11/10 | AtomicBox | CVE-2020-36457 | Rudra project members |
| 2020/11/10 | AtomicBox | CVE-2020-36441 | Rudra project members |
| 2020/11/10 | `Decoder | CVE-2020-36440 | Rudra project members |
| 2020/11/10 | hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait. (link) | CVE-2020-36215 | Rudra project members |
| 2020/11/10 | may_queue's Queue lacks Send/Sync bound for its Send/Sync trait. (link) | CVE-2020-36217 | Rudra project members |
| 2020/11/10 | LateStatic has incorrect Sync bound (link) | CVE-2020-36209 | Rudra project members |
| 2020/11/10 | ReaderResult should be bounded by Sync (link) | CVE-2020-36458 | Rudra project members |
| 2020/11/10 | `Shared` can cause a data race (link) | CVE-2020-36460 | Rudra project members |
| 2020/11/09 | TreeFocus lacks bounds on its Send and Sync traits (link) | CVE-2020-36204 | Rudra project members |
| 2020/11/08 | Some lock_api lock guard objects can cause data races (link) | CVE-2020-35910, CVE-2020-35911, CVE-2020-35912, CVE-2020-35913, CVE-2020-35914 | Rudra project members |
| 2020/10/31 | AtomicOption should have Send + Sync bound on its type argument. (link) | CVE-2020-36219 | Rudra project members |
| 2020/10/31 | GenericMutexGuard allows data races of non-Sync types across threads (link) | CVE-2020-35915 | Rudra project members |
| 2020/10/28 | beef::Cow lacks a Sync bound on its Send trait allowing for data races (link) | CVE-2020-36442 | Rudra project members |
| 2020/10/23 | MutexGuard::map can cause a data race in safe code (link) | CVE-2020-35905 | Rudra project members |
| 2020/09/27 | VecCopy allows misaligned access to elements (link) | CVE-2020-35903 | Rudra project members |
| 2020/09/26 | array_queue pop_back() may cause a use-after-free (link) | CVE-2020-35900 | Rudra project members |
| 2020/09/24 | Missing check in ArrayVec leads to out-of-bounds write. (link) | CVE-2020-35895 | Rudra project members |
| 2020/09/21 | Unsafe Send implementation in Atom allows data races (link) | CVE-2020-35897 | Rudra project members |
| 2020/09/06 | Multiple soundness issues in Chunk and InlineArray (link) | CVE-2020-25791, CVE-2020-25792, CVE-2020-25793, CVE-2020-25794, CVE-2020-25795, CVE-2020-25796 | Rudra project members |
| 2020/09/03 | Obstack generates unaligned references (link) | CVE-2020-35894 | Rudra project members |
| 2020/09/03 | `index()` allows out-of-bound read and `remove()` has off-by-one error (link) | CVE-2020-35892, CVE-2020-35893 | Rudra project members |
| 2020/09/03 | Memory safety issues in `compact::Vec` (link) | CVE-2020-35890, CVE-2020-35891 | Rudra project members |
| 2020/08/31 | Misbehaving `HandleLike` implementation can lead to memory safety violation (link) | CVE-2020-35889 | Rudra project members |
| 2020/08/25 | Multiple security issues including data race, buffer overflow, and uninitialized memory drop (link) | CVE-2020-35886, CVE-2020-35887, CVE-2020-35888 | Rudra project members |
| 2020/08/25 | Matrix::new() drops uninitialized memory (link) | CVE-2020-36432 | Rudra project members |
| 2020/08/25 | Chunk API does not respect align requirement (link) | CVE-2020-36433 | Rudra project members |
| 2020/08/20 | StrcCtx deallocates a memory region that it doesn't own (link) | CVE-2020-35885 | Rudra project members |
| 2020/07/15 | Use-after-free in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9895 | Wen Xu |
| 2020/07/04 | Ozone contains several memory safety issues (link) | CVE-2020-35877, CVE-2020-35878 | Rudra project members |
| 2020/05/27 | `LocalRequest::clone` creates multiple mutable references to the same object (link) | CVE-2020-35882 | Rudra project members |
| 2020/05/26 | Incorrect JIT modeling in WebKit that leads to type confusion (link) | CVE-2020-9850 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | A logic issue that causes Safari to launch a malicious application (link) | CVE-2020-9801 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | Race condition bug in macOS that leads to elevation of privilege (link) | CVE-2020-9839 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | Memory corruption in macOS that ledas to elevation of privilege (link) | CVE-2020-9856 | Yonghwi Jin, Jungwon Lim, Insu Yun |
| 2020/05/26 | Memory corruption in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9803 | Wen Xu |
| 2020/05/26 | Memory corruption in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9806 | Wen Xu |
| 2020/05/26 | Memory corruption in WebKit DOM that may lead to arbitrary code execution (link) | CVE-2020-9807 | Wen Xu |
| 2020/02/11 | Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect (link) | CVE-2020-35879 | Rudra project members |
| 2020/02/04 | Type Confusion in JavaScript (link) | CVE-2020-6382 | Soyeon Park, Wen Xu |
| 2020/01/24 | Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation (link) | CVE-2020-36443 | Rudra project members |
| 2019/12/11 | Type Confusion in V8 (link) | CVE-2019-13730, CVE-2019-13764 | Soyeon Park, Wen Xu |
| 2019/12/10 | Memory corruption in macOS that leads arbitrary code execution with system privileges (link) | CVE-2019-8832 | Insu Yun |
| 2019/11/16 | HeaderMap::Drain API is unsound (link) | CVE-2019-25009 | Rudra project members |
| 2019/11/16 | Integer Overflow in HeaderMap::reserve() can cause Denial of Service (link) | CVE-2020-25574, CVE-2019-25008 | Rudra project members |
| 2019/11/13 | Type confusion if __private_get_type_id__ is overridden (link) | CVE-2020-25575, CVE-2019-25010 | Rudra project members |
| 2019/10/31 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8811, CVE-2019-8816 | Soyeon Park |
| 2019/10/07 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8720 | Wen Xu |
| 2019/08/21 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-1300 | Soyeon Park |
| 2019/07/23 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8688 | Insu Yun |
| 2019/07/23 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8673, CVE-2019-8676 | Wen Xu, Soyeon Park |
| 2019/07/17 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-1092 | Soyeon Park |
| 2019/06/13 | Scripting Engine Information Disclosure Vulnerability (link) | CVE-2019-1023 | Wen Xu, Soyeon Park |
| 2019/06/08 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-0990 | Soyeon Park |
| 2019/05/13 | Memory corrution in WebKit that leads to arbitrary code execution (link) | CVE-2019-8596, CVE-2019-8609 | Wen Xu |
| 2019/05/13 | Memory corruption in WebKit that circumvents sandbox restrictions (link) | CVE-2019-8619, CVE-2019-8628 | Wen Xu, Hanqing Zhao |
| 2019/04/23 | Heap overflow in ANGLE on Windows (link) | CVE-2019-5817 | Wen Xu |
| 2019/04/23 | Integer overflow in ANGLE (link) | CVE-2019-5806 | Wen Xu |
| 2019/04/23 | Use-after-free in ANGLE on Windows (beta) (link) | Issue 943424 | Wen Xu |
| 2019/04/23 | Use-after-free in ANGLE (beta) (link) | Issue 943538 | Wen Xu |
| 2019/03/25 | Memory corruption in WebKit that circumvents sandbox restrictions (link) | CVE-2019-8562 | Wen Xu, Hanqing Zhao |
| 2019/02/12 | Memory corruption in Microsoft ChakraCore Scripting Engine (link) | CVE-2019-0609 | Soyeon Park, Wen Xu |
| 2019/02/03 | Use-After-Free in WebKit that may lead to arbitrary code execution (link) | CVE-2019-6212 | Wen Xu |
| 2018/07/27 | Linux HFS+ memory corruption (link) | CVE-2018-14617 | Wen Xu |
| 2018/07/27 | Linux F2FS memory corruptions (link, link, link) | CVE-2018-14614,14615,14616 | Wen Xu |
| 2018/07/27 | Linux Btrfs memory corruptions (link, link, link, link, link) | CVE-2018-14609,14610,14611,14612,14613 | Wen Xu, Po-Ning Tseng |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link, link) | CVE-2018-10879,10880,10881,10882,10883 | Wen Xu |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-10840,10876,10877,10878 | Wen Xu |
| 2018/07/03 | Linux F2FS memory corruptions (link, link, link, link, link) | CVE-2018-13096,13097,13098,13099,13100 | Wen Xu |
| 2018/07/03 | Linux XFS memory corruption (link, link, link) | CVE-2018-13093,13094,13095 | Wen Xu |
| 2018/04/24 | Linux XFS memory corruptions (link, link) | CVE-2018-10322,10323 | Wen Xu |
| 2018/04/01 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-1092,1093,1094,1095 | Wen Xu |
| 2017/11/30 | FFmpeg out-of-bound read in gmc_mmx (link) | CVE-2017-17081 | Insu Yun |
| 2017/11/30 | Binutils heap overflow in bfd_getl32 (link) | CVE-2017-17080 | Insu Yun |
| 2017/09/05 | FreeBSD netsmb double-fetch (link) | CVE-2017-15037 | Meng Xu |
| 2017/08/16 | Openjpeg 2.2.0 Heap Overflow (link) | CVE-2017-12878 | Insu Yun |
| 2017/05/10 | Dropbox Lepton 1.2.1 DoS (link) | CVE-2017-8891 | Insu Yun |
| 2017/03/12 | Audiofile heap overflow in Expand3To4Module::run (link) | CVE-2017-6836 | Insu Yun |
| 2016/12/13 | Windows Crypto Driver Information Disclosure Vulnerability (link) | CVE-2016-7219 (MS16-149) | Su Yong Kim, Sangho Lee, Byoungyoung Lee |
| 2016/06/09 | A heap overflow in zipimporter module (link) | CVE-2016-5636, IBB-Python #26171 | Insu Yun, Yeongjin Jang |
| 2016/06/04 | tipc: a kernel infoleak (leaking up to 60 bytes) in tipc_nl_compat_link_dump (link) | CVE-2016-5243 | Kangjie Lu |
| 2016/06/04 | rds: a kernel infoleak in rds_inc_info_copy (link) | CVE-2016-5244 | Kangjie Lu |
| 2016/05/31 | mac80211: stack object deauth_buf in net/mac80211/mlme.c is not initialized but leaked | AndroidID-28620568 | Kangjie Lu |
| 2016/05/31 | bcmdhd: many fields of stack object sinfo (drivers/net/wireless/bcmdhd/wl_cfg80211.c) are not initialized and the whole object is leaked. | AndroidID-28619338 | Kangjie Lu |
| 2016/05/31 | wireless: not all fields of stack object hdr (net/wireless/util.c) are initialized before it is leaked. | AndroidID-28620324 | Kangjie Lu |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_queue_core.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 | Kangjie Lu |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_log.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 | Kangjie Lu |
| 2016/05/31 | netfilter: one padding byte of pmsg (net/netfilter/nfnetlink_log.c) is not initialized but leaked via nla_put | AndroidID-28672819 | Kangjie Lu |
| 2016/05/31 | ipv6: some padding bytes of errhdr (net/ipv6/datagram.c) object are not initialized but leaked via put_cmsg | AndroidID-28672560 | Kangjie Lu |
| 2016/05/31 | media: some fields of u_ent (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/31 | media: some fields of pad (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/31 | media: some fields of link (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 | Kangjie Lu |
| 2016/05/17 | Kernel driver vulnerability in Eset Smart Security (link) | N/A | Su Yong Kim, Sangho Lee, Byoungyoung Lee |
| 2016/05/10 | x25: Linux kernel information leak vulnerability in x25_negotiate_facilities (link, link) | CVE-2016-4569 | Kangjie Lu |
| 2016/05/10 | ASLA: Two Linux kernel information leak vulnerabilities in timer (link, link) | CVE-2016-4578 | Kangjie Lu |
| 2016/05/09 | ASLA: Linux kernel information leak vulnerability in timer (link) | CVE-2016-4569 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerabilityi(llc module) (link) | CVE-2016-4485 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability(netlink module) (link) | CVE-2016-4486 | Kangjie Lu |
| 2016/05/04 | Linux kernel information leak vulnerability(USB module) (link) | CVE-2016-4482 | Kangjie Lu |
| 2016/02/09 | Windows Elevation of Privilege Vulnerability (link) | CVE-2016-0040 (MS16-014) | Su Yong Kim, Byoungyoung Lee |
| 2016/01/27 | An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. (link) | Bug #71450, IBB-PHP #113122 | Yeongjin Jang, Insu Yun |
| 2016/01/27 | An integer overflow bug in php_implode() could lead heap overflow, make crashes (link) | Bug #71449, IBB-PHP #113120 | Yeongjin Jang, Insu Yun |
| 2016/01/24 | Integer overflow in wordwrap (link) | Pull request #1738, IBB-PHP #113268 | Insu Yun |
| 2015/11/10 | Windows NDIS Elevation of Privilege Vulnerability (independently reported) (link) | CVE-2015-6098 (MS15-117) | Su Yong Kim, Byoungyoung Lee |
| 2015/11/04 | Elevation of Privilege Vulnerability in Telephony (link) | CVE-2015-6614 | Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang |
| 2015/10/16 | Voice over LTE implementations contain multiple vulnerabilities (link) | VU#943167 | Hongil Kim, Dongkwan Kim, Minhee Kwon, Hyungseok Han, Yeongjin Jang |
| 2015/08/10 | Integer overflow in ui/cursor.c (link) | N/A | Sang Shin Jung, Byoungyoung Lee, Yeong Jang, Changwoo Min |
| 2014/12/02 | Bad casting from the BasicThebesLayer to BasicContainerLayer (link) | CVE-2014-1594 | Byoungyoung Lee, Chengyu Song |