Internet


reports in last 90 days

37

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- | --- |
| Critical | Silent omission of certificate hostname verification in LibreSSL and BoringSSL | Improper Certificate Validation | tiran | Time to triage: 20 Days and 20 hours; Time to close: 499 Days and 11 hours | Resolved |
| Critical | Exim off-by-one RCE vulnerability | Off-by-one Error | mehqq | Time to triage: 39 Days and 14 hours; Time to close: 499 Days and 11 hours | Resolved |
| Critical | Mercurial git subrepo lead to arbitrary command injection | Command Injection - Generic | pnig0s | Time to triage: 134 Days and 16 hours; Time to close: 499 Days and 23 hours | Resolved |
| High | CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host | Privilege Escalation | adam_iwaniuk | Time to triage: 62 Days and 2 hours; Time to close: 132 Days and 23 hours | Resolved |
| High | Mailsploit: a sender spoofing bug in over 30 email clients | User Interface (UI) Misrepresentation of Critical Information | pwnsdx | Issue was not triaged; Time to close: 203 Days and 18 hours | Resolved |
| High | Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem | Man-in-the-Middle | jlleitschuh | Issue was not triaged; Time to close: 90 Days and 19 hours | Resolved |
| High | [bower] Arbitrary File Write through improper validation of symlinks while package extraction | Path Traversal | skyn3t | Time to triage: 69 Days and 2 hours; Time to close: 146 Days and 1 hours | Resolved |
| High | Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch | Memory Corruption - Generic | xairy | Issue was not triaged; Time to close: 12 Days and 8 hours | Resolved |
| High | Linux kernel: CVE-2017-7308: a signedness issue in AF_PACKET sockets | Memory Corruption - Generic | xairy | Issue was not triaged; Time to close: 12 Days and 8 hours | Resolved |
| High | ZeroMQ libzmq remote code execution | Memory Corruption - Generic | guido | Issue was not triaged; Time to close: 238 Days and 17 hours | Resolved |
| High | Linux kernel: CVE-2017-6074: DCCP double-free vulnerability | Double Free | xairy | Time to triage: 5 Days and 21 hours; Time to close: 475 Days and 0 hours | Resolved |
| High | Ubuntu Linux privilege escalation (dirty_sock) | Privilege Escalation | initstring | Time to triage: 56 Days and 22 hours; Time to close: 136 Days and 23 hours | Resolved |
| No rating | Cross-site information assertion leak via Content Security Policy | Information Disclosure | zemnmez | Issue was not triaged; Time to close: 1076 Days and 16 hours | Resolved |
| Critical | ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers | Privilege Escalation | fransrosen | Time to triage: 60 Days and 21 hours; Time to close: 35 Days and 23 hours | Resolved |
| No rating | Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools) | None supplied | pwnsdx | Issue was not triaged; Time to close: 101 Days and 16 hours | Resolved |
| Medium | Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse | Reusing a Nonce, Key Pair in Encryption | vanhoefm | Issue was not triaged; Time to close: 0 Days and 2 hours | Resolved |
| Medium | Race Conditions in OAuth 2 API implementations | Improper Authentication - Generic | dor1s | Issue was not triaged; Time to close: 784 Days and 14 hours | Resolved |
| High | RCE via ssh:// URIs in multiple VCS | OS Command Injection | joernchen | Issue was not triaged; Time to close: 7 Days and 19 hours | Resolved |
| High | Mercurial can be tricked into granting authorized users access to the Python debugger | Code Injection | claudijd | Issue was not triaged; Time to close: 84 Days and 12 hours | Resolved |
| Low | ntpd: read_mru_list() does inadequate incoming packet checks | Denial of Service | magnusstubman | Issue was not triaged; Time to close: 381 Days and 12 hours | Resolved |
| No rating | Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714) | None supplied | stewie | Issue was not triaged; Time to close: 12 Days and 0 hours | Resolved |
| No rating | libcurl duphandle read out of bounds | None supplied | sparaschoudis | Issue was not triaged; Time to close: 50 Days and 0 hours | Resolved |
| No rating | libcurl: URL request injection | None supplied | isciurus | Issue was not triaged; Time to close: 187 Days and 11 hours | Resolved |
| No rating | Drupal 7 pre auth sql injection and remote code execution | SQL Injection | shorst | Issue was not triaged; Time to close: 170 Days and 15 hours | Resolved |
| No rating | open redirect in rfc6749 | Open Redirect | asanso | Issue was not triaged; Time to close: 213 Days and 7 hours | Resolved |