UPCOMING:
- OpenSSL MEDIUM severity remote vulnerability. Not reported yet. Will be reported in due time.
- Ripple cryptocurrency rippled remote vulnerability TBA
- EOSIO (EOS cryptocurrency token) 10 remote vulnerabilities TBA
Previous:
- Multiple remote vulnerabilities in SoftEther VPN – https://guidovranken.wordpress.com/2018/01/15/security-audit-of-softether-vpn-finds-11-security-vulnerabilities/
- Stellar cryptocurrency 2 remote vulnerabilities
- Ripple cryptocurrency multiple remote vulnerabilities – https://ripple.com/dev-blog/rippled-version-0-90-1/
- libsrtp multiple vulnerabilities – https://guidovranken.wordpress.com/2018/03/22/full-disclosure-libsrtp-multiple-vulnerabilities/
- Go progamming language incorrect exponentiation – https://github.com/golang/go/issues/22830
- OpenVPN remote buffer overflow (CVE-2017-12166) – https://guidovranken.wordpress.com/2017/09/27/one-more-openvpn-vulnerability-cve-2017-12166/
- FreeRADIUS multiple remote vulnerabilities – https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
- Multiple critical OpenVPN vulnerabilities – https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
- rpcbind CVE-2017-8779 – https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
- Various mbed TLS issues – https://guidovranken.wordpress.com/2017/03/10/new-vulnerabilities-found-in-mbed-tls/
- OpenSSH – CVE-2016-10012 – https://lwn.net/Articles/709677/
- OpenSSL – CVE-2017-3730 (“moderate” severity) – https://www.openssl.org/news/secadv/20170126.txt
- OpenSSL – remote client memory corruption – https://guidovranken.wordpress.com/2016/10/13/openssl-1-1-0-remote-client-memory-corruption-in-ssl_add_clienthello_tlsext/
- Ruby – arbitrary length OOB read in strscan module – https://guidovranken.wordpress.com/2016/10/10/32-bit-ruby-arbitrary-length-oob-read-in-strscan-module/
- Ruby – heap corruption in string.c tr_trans() due to undersized buffer – https://guidovranken.wordpress.com/2016/06/20/ruby-vulnerability-heap-corruption-in-string-c-tr_trans-due-to-undersized-buffer/
- Ruby – heap corruption in DateTime.strftime() on 32 bit for certain format strings – https://guidovranken.wordpress.com/2016/06/20/ruby-vulnerability-heap-corruption-in-string-c-tr_trans-due-to-undersized-buffer/
- Ruby – StringIO strio_getline() may divulge arbitrary process memory – https://guidovranken.wordpress.com/2016/06/17/ruby-vulnerability-stringio-strio_getline-may-divulge-arbitrary-process-memory/
- Python – heap corruption via Python 2.7.11 IOBase readline() – https://github.com/torproject/tor/commit/6abceca1826a018fb51e419fc4eb9721dd501acf
- Tor – proactive defense against heap corruption – https://github.com/torproject/tor/commit/6abceca1826a018fb51e419fc4eb9721dd501acf
- Tor – heap corruption – https://github.com/torproject/tor/blob/master/changes/bug18162
- OpenSSL – CVE-2016-2177 https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
- OpenSSL – CVE-2016-2105 EVP_EncodeUpdate overflow https://openssl.org/news/secadv/20160503.txt
- OpenSSL – CVE-2016-2106 EVP_EncryptUpdate overflow https://openssl.org/news/secadv/20160503.txt
- OpenSSL – CVE-2016-2176 X509_NAME_oneline() overread on EBCDIC systems https://openssl.org/news/secadv/20160503.txt
- OpenSSL – CVE-2016-0799 BIO_printf heap corruption https://openssl.org/news/secadv/20160301.txt
- OpenSSL – CVE-2016-0797 BN_hex2bn/BN_dec2bn heap corruption https://openssl.org/news/secadv/20160301.txt
- OpenSSL – b2i_PVK_bio heap corruption – https://guidovranken.wordpress.com/2016/03/01/public-disclosure-malformed-private-keys-lead-to-heap-corruption-in-b2i_pvk_bio/
- mbed TLS – potential double free in mbedtls_ssl_conf_psk – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L50
- mbed TLS – potential double free – mbedtls_x509_crt_parse_path https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L53
- mbed TLS – buffer overflow in asn1_write_xxx() functions – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L56
- mbed TLS – CVE-2015-5291 remote heap corruption – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L98
- mbed TLS – potential double free – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L101
- mbed TLS – stack buffer overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L105
- mbed TLS – potential buffer overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L108
- mbed TLS – random memory allocation – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L113
- mbed TLS – base64_encoded() heap buffer overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L117
- mbed TLS – potential double-free in mbedtls_conf_psk() – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L120
- mbed TLS – potential heap overflow – https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog#L123
- Python – CVE-2014-4616 arbitrary memory reads in _json module
- Apache httpd – CVE-2015-0228 remote DoS through stack exhaustion – https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
- glibc, NetBSD libc – heap overflow in regex library – https://www.kb.cert.org/vuls/id/695940
- libevent – stack buffer overflow – https://github.com/libevent/libevent/issues/318
- libevent – remote DNS stack overread – https://github.com/libevent/libevent/issues/317