The following are some of the bugs I discovered:

2021

  • CVE-2021-3177: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

2020

  • CVE-2020-12105: OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which allows an attacker that is able to get valid certificates from a CA with a specially crafted CommonName to perform a person-in-the-middle attack against VPN clients.

  • CVE-2020-9383: An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

  • CVE-2020-8432: In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerability was introduced when attempting to fix a memory leak identified by static analysis.

2019

  • CVE-2019-9675: An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value.

2018

  • CVE-2018-19497: In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).

Other references: