Security Advisories

As part of the Security Community, we actively support vulnerability research. Here you can find information about discovered vulnerabilities:

2023

Date Product Vulnerability Type Details
11/2023 Wire AVS as used in Wire Secure Messenger Use of Externally‑Controlled Format String (CWE‑134) Post
05/2023 LibreOffice Improper Validation of Array Index (CWE‑129) Post
04/2023 Mozilla Maintenance Service Improper Resource Locking (CWE‑413) Post

2020

Date Product Vulnerability Type Details
10/2020 Wire AVS as used in Wire Secure Messenger Use of Externally‑Controlled Format String (CWE‑134) Post
07/2020 IBM Maximo Asset Management Improper Restriction of XML External Entity Reference (CWE‑611) Post
07/2020 Apple iOS, macOS Heap‑based Buffer Overflow (CWE‑122) Post
06/2020 Teamwire (Android) Missing Authentication for Critical Function (CWE‑306) Post
05/2020 Ilias Improper Control of Filename for Include/Require Statement in PHP Program (CWE‑98), Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200) Post
03/2020 Fortinet FortiClient Unquoted Search Path or Element (CWE‑428) Post
01/2020 Juniper Networks Junos Space External Control of File Name or Path (CWE‑73) Post

2019

Date Product Vulnerability Type Details
03/2019 axTLS Out‑of‑bounds Write (CWE‑787) Post
05/2019 wolfSSL Out‑of‑bounds Write (CWE‑787) Post

2018

Date Product Vulnerability Type Details
12/2018 WeBid Directory SQL Injection (CWE‑89), Cross‑site Scripting (CWE‑79), Path Traversal (CWE‑22) Post
07/2018 ServiceNow Code Injection (CWE‑94) Post
04/2018 Trovebox SQL Injection (CWE‑89) Post

2017

Date Product Vulnerability Type Details
10/2017 Kaltura Video Platform Deserialization of Untrusted Data (CWE‑502), Cross‑site Scripting (CWE‑79) Post