Security Advisories

As part of the Security Community, we actively support vulnerability research. Here you can find information about discovered vulnerabilities:

2024

Date Product Vulnerabilty Type Details
11/2024 SharkSSL TLS Client Buffer Overflow (CWE‑120) Post
09/2024 Apple iOS/iPadOS, macOS and more Out‑of‑bounds Write (CWE‑787) Post
08/2024 Collabora Office for Android Improper Neutralization of Encoded URI Schemes in a Web Page (CWE‑84) Post
08/2024 Moodle Cross‑site Scripting (CWE‑79) Post
05/2024 Certain HP LaserJet Pro Printers (Possible) Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200) Post
03/2024 Airmail - Your Mail With You, Airmail for Business Improper Neutralization of Input During Web Page Generation / "Cross‑site Scripting") (CWE‑79), Insecure Storage of Sensitive Information (CWE‑922) Post
03/2024 Apple iOS/iPadOS, macOS and more Improper Input Validation (CWE‑20) Post
01/2024 Tuta Mail Improper Input Validation (CWE‑20) Post
01/2024 Tuta Mail Server‑Side Request Forgery (SSRF) (CWE‑918) Post

2023

Date Product Vulnerabilty Type Details
12/2023 MatrixSSL Integer Overflow or Wraparound (CWE‑190) Post
11/2023 Wire AVS as used in Wire Secure Messenger Use of Externally‑Controlled Format String (CWE‑134) Post
06/2023 Apple iOS/iPadOS, macOS and more Buffer Copy without Checking Size of Input (CWE‑120) Post
05/2023 LibreOffice Improper Validation of Array Index (CWE‑129) Post
04/2023 Mozilla Maintenance Service Improper Resource Locking (CWE‑413) Post
01/2023 MatrixSSL Integer Overflow or Wraparound (CWE‑190) Post

2022

Date Product Vulnerabilty Type Details
09/2022 Apple iOS/iPadOS, macOS Improper Input Validation (CWE‑20) Post

2021

Date Product Vulnerabilty Type Details
03/2021 SQLCipher NULL Pointer Dereference (CWE‑476) Post

2020

Date Product Vulnerabilty Type Details
11/2020 SQLCipher Use After Free (CWE‑416) Post
10/2020 Wire AVS as used in Wire Secure Messenger Use of Externally‑Controlled Format String (CWE‑134) Post
07/2020 IBM Maximo Asset Management Improper Restriction of XML External Entity Reference (CWE‑611) Post
07/2020 Apple iOS, macOS Heap‑based Buffer Overflow (CWE‑122) Post
06/2020 Teamwire (Android) Missing Authentication for Critical Function (CWE‑306) Post
05/2020 Ilias Improper Control of Filename for Include/Require Statement in PHP Program (CWE‑98), Exposure of Sensitive Information to an Unauthorized Actor (CWE‑200) Post
03/2020 Fortinet FortiClient Unquoted Search Path or Element (CWE‑428) Post
01/2020 Juniper Networks Junos Space External Control of File Name or Path (CWE‑73) Post

2019

Date Product Vulnerabilty Type Details
03/2019 axTLS Out‑of‑bounds Write (CWE‑787) Post
05/2019 wolfSSL Out‑of‑bounds Write (CWE‑787) Post

2018

Date Product Vulnerabilty Type Details
12/2018 WeBid Directory SQL Injection (CWE‑89), Cross‑site Scripting (CWE‑79), Path Traversal (CWE‑22) Post
07/2018 ServiceNow Code Injection (CWE‑94) Post
04/2018 Trovebox SQL Injection (CWE‑89) Post

2017

Date Product Vulnerabilty Type Details
10/2017 Kaltura Video Platform Deserialization of Untrusted Data (CWE‑502), Cross‑site Scripting (CWE‑79) Post