We frequently report and fix security-critical vulnerabilities that we find as a byproduct of our research. Some of bugs that have an explictly assigned CVE or references are listed here:
| Date | Description | Ref. |
|---|---|---|
| 2019/02/12 | Memory corruption in ChakraCore Scripting Engine (link) | CVE-2019-0609 |
| 2019/02/03 | Use-After-Free in WebKit that may lead to arbitrary code execution (link) | CVE-2019-6212 |
| 2018/07/27 | Linux HFS+ memory corruption (link) | CVE-2018-14617 |
| 2018/07/27 | Linux F2FS memory corruptions (link, link, link) | CVE-2018-14614,14615,14616 |
| 2018/07/27 | Linux Btrfs memory corruptions (link, link, link, link, link) | CVE-2018-14609,14610,14611,14612,14613 |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link, link) | CVE-2018-10879,10880,10881,10882,10883 |
| 2018/07/16 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-10840,10876,10877,10878 |
| 2018/07/03 | Linux F2FS memory corruptions (link, link, link, link, link) | CVE-2018-13096,13097,13098,13099,13100 |
| 2018/07/03 | Linux XFS memory corruption (link, link, link) | CVE-2018-13093,13094,13095 |
| 2018/04/24 | Linux XFS memory corruptions (link, link) | CVE-2018-10322,10323 |
| 2018/04/01 | Linux ext4 memory corruptions (link, link, link, link) | CVE-2018-1092,1093,1094,1095 |
| 2017/11/30 | FFmpeg out-of-bound read in gmc_mmx (link) | CVE-2017-17081 |
| 2017/11/30 | Binutils heap overflow in bfd_getl32 (link) | CVE-2017-17080 |
| 2017/03/12 | Audiofile heap overflow in Expand3To4Module::run (link) | CVE-2017-6836 |
| 2017/09/05 | FreeBSD netsmb double-fetch (link) | CVE-2017-15037 |
| 2017/08/16 | Openjpeg 2.2.0 Heap Overflow (link) | CVE-2017-12878 |
| 2017/05/10 | Dropbox Lepton 1.2.1 DoS (link) | CVE-2017-8891 |
| 2016/12/13 | Windows Crypto Driver Information Disclosure Vulnerability (link) | CVE-2016-7219 (MS16-149) |
| 2016/06/09 | A heap overflow in zipimporter module (link) | CVE-2016-5636, IBB-Python #26171 |
| 2016/06/04 | tipc: a kernel infoleak (leaking up to 60 bytes) in tipc_nl_compat_link_dump (link) | CVE-2016-5243 |
| 2016/06/04 | rds: a kernel infoleak in rds_inc_info_copy (link) | CVE-2016-5244 |
| 2016/05/31 | mac80211: stack object deauth_buf in net/mac80211/mlme.c is not initialized but leaked | AndroidID-28620568 |
| 2016/05/31 | bcmdhd: many fields of stack object sinfo (drivers/net/wireless/bcmdhd/wl_cfg80211.c) are not initialized and the whole object is leaked. | AndroidID-28619338 |
| 2016/05/31 | wireless: not all fields of stack object hdr (net/wireless/util.c) are initialized before it is leaked. | AndroidID-28620324 |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_queue_core.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 |
| 2016/05/31 | netfilter: not all fields of stack object phw (net/netfilter/nfnetlink_log.c) are initialized, which is however leaked via nla_put | AndroidID-28673002 |
| 2016/05/31 | netfilter: one padding byte of pmsg (net/netfilter/nfnetlink_log.c) is not initialized but leaked via nla_put | AndroidID-28672819 |
| 2016/05/31 | ipv6: some padding bytes of errhdr (net/ipv6/datagram.c) object are not initialized but leaked via put_cmsg | AndroidID-28672560 |
| 2016/05/31 | media: some fields of u_ent (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 |
| 2016/05/31 | media: some fields of pad (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 |
| 2016/05/31 | media: some fields of link (drivers/media/media-device.c) are not initialized but leaked via copy_to_user | AndroidID-28616963 |
| 2016/05/17 | Kernel driver vulnerability in Eset Smart Security (link) | N/A |
| 2016/05/10 | x25: Linux kernel information leak vulnerability in x25_negotiate_facilities (link, link) | CVE-2016-4569 |
| 2016/05/10 | ASLA: Two Linux kernel information leak vulnerabilities in timer (link, link) | CVE-2016-4578 |
| 2016/05/09 | ASLA: Linux kernel information leak vulnerability in timer (link) | CVE-2016-4569 |
| 2016/05/04 | Linux kernel information leak vulnerabilityi(llc module) (link) | CVE-2016-4485 |
| 2016/05/04 | Linux kernel information leak vulnerability(netlink module) (link) | CVE-2016-4486 |
| 2016/05/04 | Linux kernel information leak vulnerability(USB module) (link) | CVE-2016-4482 |
| 2016/02/09 | Windows Elevation of Privilege Vulnerability (link) | CVE-2016-0040 (MS16-014) |
| 2016/01/27 | An integer overflow bug in php_str_to_str_ex() led arbitrary code execution. (link) | Bug #71450, IBB-PHP #113122 |
| 2016/01/27 | An integer overflow bug in php_implode() could lead heap overflow, make crashes (link) | Bug #71449, IBB-PHP #113120 |
| 2016/01/24 | Integer overflow in wordwrap (link) | Pull request #1738, IBB-PHP #113268 |
| 2015/11/10 | Windows NDIS Elevation of Privilege Vulnerability (independently reported) (link) | CVE-2015-6098 (MS15-117) |
| 2015/11/04 | Elevation of Privilege Vulnerability in Telephony (link) | CVE-2015-6614 |
| 2015/10/16 | Voice over LTE implementations contain multiple vulnerabilities (link) | VU#943167 |
| 2015/08/10 | Integer overflow in ui/cursor.c (link) | N/A |
| 2014/12/02 | Bad casting from the BasicThebesLayer to BasicContainerLayer (link) | CVE-2014-1594 |