Archive

2022⁵

March⁵

(CVE-2021-4206) QEMU QXL Integer overflow leads to Heap Overflow

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2021-4207) QEMU QXL Integer overflow leads to Heap Overflow

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2022-0168) Linux Kernel smb2_ioctl_query_info NULL Pointer Dereference

March 28, 2022 · 4 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2022-0216) QEMU LSI SCSI Use After Free

March 28, 2022 · 7 min · Muhammad Alifa Ramdhan (@n0psledbyte)

(CVE-2022-26718) macOS smbfs Out-of-Bounds Read due to parse nic info

March 4, 2022 · 4 min · Peter Nguyễn Vũ Hoàng

2021¹⁶

September²

(CVE-2021-30844) macOS smbfs Out-of-Bounds Read

September 13, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-30845) macOS smbfs Out-of-Bounds Read

September 13, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

June¹

(CVE-2021-30868) macOS smbfs Race Condition leading to Use-After-Free Vulnerability

June 18, 2021 · 12 min · Peter Nguyễn Vũ Hoàng

May¹

(CVE-2021-30745) Apple macOS QuartzCore Type Confusion Vulnerability

May 20, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

April⁶

(CVE-2021-0204) Juniper Junos OS Local Privilege Escalation vulnerability in dexp

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0223) Juniper Junos OS Local Privilege Escalation vulnerability in telnetd

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0254) Junos OS overlayd service bss Buffer Overflow

April 14, 2021 · 7 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0255) Juniper Junos OS Local Privilege Escalation vulnerability in ethtraceroute

April 14, 2021 · 3 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0256) Juniper Junos OS Local Privilege Escalation vulnerability in mosquitto

April 14, 2021 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-2321) Oracle VirtualBox E1000 BSS Out-Of-Bounds Read

April 6, 2021 · 8 min · Muhammad Alifa Ramdhan (@n0psledbyte)

March²

(CVE-2021-3409) QEMU Heap Overflow in SDHCI Component

March 23, 2021 · 20 min · Muhammad Alifa Ramdhan (@n0psledbyte)

(CVE-2021-0950) Android NFC [email protected] Writer mode Out-Of-Bounds Write leading to Information Disclosure

March 5, 2021 · 7 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

February⁴

(CVE-2021-33760) Windows Media Foundation Integer Overflow Vulnerability

February 27, 2021 · 3 min · Phan Thanh Duy (@PTDuy), Brandon Chong, Cao Yi Tian

(CVE-2021-34503) Windows Media Foundation Type Confusion Vulnerability

February 27, 2021 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2021-1758) macOS/iOS CoreText Out-Of-Bounds Read

February 10, 2021 · 6 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-1790) macOS/iOS CoreText libhvf Out-Of-Bounds Read

February 10, 2021 · 7 min · Peter Nguyễn Vũ Hoàng

2020¹⁹

August¹

(CVE-2020-24430) Adobe Acrobat Pro DC FDF.addContact Use-After-Free Vulnerability

August 21, 2020 · 5 min · Alan Chang Enze

July¹

(CVE-2020-13937) Apache Kylin - Unauthenticated Configuration Disclosure

July 17, 2020 · 3 min · Ngo Wei Lin (@creastery)

June⁴

(CVE-2020-0634) Windows CLFS UAF Memory Corruption Vulnerability

June 12, 2020 · 5 min · Meysam Firouzi

(CVE-2020-1664) Juniper Junos OS dcd create_debug_data() buffer overflow

June 12, 2020 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0218) Junos OS lc_fetch_license_keys() command injection

June 12, 2020 · 4 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

(CVE-2021-0219) Juniper Junos OS validate package mgd_package_real() command injection

June 12, 2020 · 2 min · Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss)

May³

(CVE-2020-15357) Askey AP5100W Authenticated Command Injection in web Interface

May 22, 2020 · 2 min · Li Bailin

(CVE-2020-25545) Askey AP5100W Information Leak through Insecure backups

May 22, 2020 · 2 min · Li Bailin

(CVE-2020-25546) Askey AP5100W Logic Error allowing Web Admin authentication bypass

May 22, 2020 · 2 min · Li Bailin

April⁵

(CVE-2020-2575) Oracle VirtualBox OHCI Uninitialized Heap Variable - Pwn2Own

April 30, 2020 · 3 min · Pham Hong Phi (@anhdaden)

(CVE-2020-2748) Oracle VirtualBox SVGA Out-of-Bounds Read in vmsvgaR3FifoUpdateCursor

April 30, 2020 · 3 min · Pham Hong Phi (@anhdaden), Calvin Fong

(CVE-2020-2758) Oracle VirtualBox VHWA Use-After-Free Privilege Escalation

April 30, 2020 · 4 min · Calvin Fong

(CVE-2020-2894) Oracle VirtualBox e1kInsertChecksum Out-of-Bounds Read - Pwn2Own

April 30, 2020 · 2 min · Pham Hong Phi (@anhdaden)

(CVE-2020-10907) Foxit Reader XFA Widget Use-After-Free Code Execution

April 16, 2020 · 4 min · Peter Nguyễn Vũ Hoàng

March³

(CVE-2020-3800) Adobe Reader xfa.loadXML Use-after-Free

March 17, 2020 · 3 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-3801) Adobe Reader XFA Heap Address Leak

March 17, 2020 · 1 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-9816) macOS libFontParser HeapOverflow Vulnerability

March 17, 2020 · 3 min · Peter Nguyễn Vũ Hoàng

January²

(CVE-2020-2682) Oracle VirtualBox VBoxVHWAHandleTable Out-Of-Bounds Access Privilege Escalation

January 15, 2020 · 5 min · Pham Hong Phi (@hanhdaden)

(CVE-2020-2674) Oracle VirtualBox OHCI Use-After-Free

January 14, 2020 · 5 min · Pham Hong Phi (@hanhdaden)

2019³⁵

December³

(CVE-2019-16452) Adobe Acrobat/Reader getSound JSObject Use-after-Free - TianFu Cup 2019

December 10, 2019 · 4 min · Phan Thanh Duy (@PTDuy)

(CVE-2020-0889) Microsoft Jet Database Format Record Length Memory Corruption

December 4, 2019 · 4 min · Shi Ji (@Puzzorsj), Meysam Firouzi

(CVE-2020-2902) Oracle VirtualBox Direct3D 9 Shader Out-of-Bounds Write Remote Code Execution Vulnerability

December 4, 2019 · 5 min · Pham Hong Phi (@anhdaden)

November²

(CVE-2020-0961) Microsoft Jet Database file position integer overflow Memory Corruption

November 13, 2019 · 4 min · Shi Ji (@Puzzorsj), Meysam Firouzi

(CVE-2019-1406) Microsoft Jet Engine ColumnLvText Type Confusion

November 12, 2019 · 3 min · Shi Ji (@Puzzorsj) & Meysam Firouzi

October⁷

(CVE-2019-2984) Oracle VirtualBox Video Hardware Acceleration NULL Pointer Dereferences

October 20, 2019 · 5 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3002) Oracle VirtualBox Integer Divide by Zero in hdaR3StreamInit

October 20, 2019 · 3 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3005) Oracle VirtualBox NULL Pointer Dereference in hdaR3WalClkSet

October 20, 2019 · 3 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3026) Oracle VirtualBox VBoxSVGA Invalid Check in vmsvgaFIFOLoop

October 20, 2019 · 4 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-3031) Oracle VirtualBox VMSVGA Out-of-Bounds Read in vmsvga3dSetLightEnabled

October 20, 2019 · 3 min · Phạm Hồng Phi (@anhdaden)

(CVE-2019-8220) Adobe Reader CLstBxField Use-after-Free

October 15, 2019 · 4 min · Ta Dinh Sung

(CVE-2019-8221) Adobe Reader Type Confusion in getColorConvertAction

October 15, 2019 · 3 min · Ta Dinh Sung

September¹

(CVE-2019-1250) Microsoft Jet database Record::IsNull Memory Corruption

September 10, 2019 · 5 min · Shi Ji (@Puzzorsj) & Meysam Firouzi

August²

(CVE-2019-8011) Acrobat Reader DC 2d.x3d!_LoadTIFF() Out-of-Bounds Read

August 13, 2019 · 4 min · Wei Lei

(CVE-2019-8018) Acrobat Reader DC 2d.x3d!_LoadRGB() OOB Read in TRGB::expandrow()

August 13, 2019 · 5 min · Wei Lei

June²

(CVE-2019-8038) Adobe Acrobat/Reader CTextWidget Use-after-Free

June 20, 2019 · 5 min · Phan Thanh Duy (@PTDuy)

(CVE-2019-8039) Adobe Acrobat/Reader CTextField Use-after-Free

June 20, 2019 · 3 min · Phan Thanh Duy (@PTDuy)

May²

(CVE-2019-7142) Acrobat Reader DC 2d.x3d!_LoadRGB() Out-of-Bounds Read/Write in TRGB::expandrow()

May 14, 2019 · 5 min · Wei Lei