Vulnerabilities

Keeping Internet users safe is more than just making sure Google's products are secure. Google engineers also contribute to improving the security of non-Google software that our products and users rely on.

Provided below is a list of software vulnerabilities discovered or fixed by Googlers, along with presentations we've given at industry security conferences. You can also find publications about security, cryptography, and privacy work in Google's main research portal.

Googler Product Date Reference Description More info
Ian Beer Apple MacOS and IOS 6/30/2014 CVE-2014-1372, CVE-2014-1373, CVE-2014-1376, CVE-2014-1377, CVE-2014-1359, CVE-2014-1356, CVE-2014-1357, CVE-2014-1358 and CVE-2014-1379 Memory corruption Apple advisory
Michele Spagnuolo Adobe Flash 6/29/2014 CVE-2014-4671 Format malleability and data leak Adobe bulletin
Michele Spagnuolo and Nicolas Ruff libicu 6/14/2014 CVE-2014-4500 Stack buffer overflow Product advisory
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft Graphics Component 6/10/2014 CVE-2014-1818 Memory corruption Microsoft bulletin
Felix Gröbert and Ivan Fratric OpenSSL 6/5/2014 CVE-2014-3470 Denial of service Openssl advisory
Fermin J. Serna Microsoft Internet Explorer 5/13/2014 CVE-2014-0310 Memory corruption Microsoft bulletin
Felix Gröbert and Ivan Fratric PHP 5/9/2014 Memory corruption
Ian Beer Apple MacOS and IOS 4/22/2014 CVE-2014-1318, CVE-2014-1320 and CVE-2014-1322 Memory corruption Apple advisory
Ivan Fratric CyaSSL 4/9/2014 CVE-2014-2896, CVE-2014-2897, CVE-2014-2898, CVE-2014-2899 Multiple vulnerabilities Product advisory
Neel Mehta OpenSSL 4/7/2014 CVE-2014-0160 Information Disclosure OpenSSL advisory
Ivan Fratric LibYAML 3/26/2014 CVE-2014-2525 Heap overflow Ocert advisory
Drew Hintz, Shane Huntley, and Matty Pellegrino Microsoft Word 3/16/2014 CVE-2014-1761 Code execution Microsoft bulletin
Felix Groebert Apple MacOS 2/25/2014 CVE-2014-1254 Memory corruption Apple advisory
Meder Kydyraliev Apple MacOS 2/25/2014 CVE-2014-1262, CVE-2014-1255 and CVE-2014-1256 Memory corruption Apple advisory
Google Security Team Adobe Flash 2/20/2014 CVE-2014-0502 Memory corruption Adobe bulletin
Felix Gröbert Kakadu 2/18/2014 Memory corruption
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft Office 1/14/2014 CVE-2014-0259 and CVE-2014-0260 Memory corruption Microsoft bulletin
Mateusz Jurczyk and Gynvael Coldwind Acrobat Reader and Acrobat 1/14/2014 CVE-2014-0493, CVE-2014-0495 Memory Corruption Adobe bulletin
Ivan Fratric Nginx 11/19/2013 CVE-2013-4547 Security bypass Product advisory
Ivan Fratric Microsoft Internet Explorer 10/8/2013 CVE-2013-3882 Memory Corruption Microsoft bulletin
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft Sharepoint Server and Microsoft Excel 10/8/2013 CVE-2013-3889 Memory Corruption Microsoft bulletin
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft Excel 10/8/2013 CVE-2013-3890 Memory Corruption Microsoft bulletin
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft Word 10/8/2013 CVE-2013-3892 Memory Corruption Microsoft bulletin
Felix Gröbert ESET 10/2/2013 ESET-Update-8866 Memory Corruption ESET updates
Felix Gröbert Apple CoreGraphics 9/12/2013 CVE-2013-1025 Memory Corruption Apple advisory
Felix Gröbert Apple ImageIO 9/12/2013 CVE-2013-1026 Memory Corruption Apple advisory
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft SharePoint Server, Microsoft Word, Microsoft Office Services and Web Apps 9/10/2013 CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858 Memory Corruption Microsoft bulletin
Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes Microsoft Office 9/10/2013 CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858 Memory Corruption Microsoft bulletin
Mateusz Jurczyk and Gynvael Coldwind Acrobat Reader and Acrobat 9/10/2013 CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356 Memory Corruption Adobe bulletin
Mateusz Jurczyk and Ben Hawkes Adobe Flash Player 9/10/2013 CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324 Memory Corruption Adobe bulletin
Ivan Fratric and Ben Hawkes Microsoft Internet Explorer 9/10/2013 CVE-2013-3204 Memory Corruption Microsoft bulletin
Mateusz Jurczyk and Gynvael Coldwind Microsoft Windows 9/10/2013 CVE-2013-1341, CVE-2013-1342, CVE-2013-1343, CVE-2013-3864, CVE-2013-3865 Memory Corruption Microsoft bulletin
Mateusz Jurczyk Microsoft Windows 9/10/2013 CVE-2013-1344 Memory Corruption Microsoft bulletin
Fermin J. Serna Microsoft Internet Explorer 8/13/2013 CVE-2013-3186 Sandbox Escape Microsoft bulletin
Ivan Fratric and Ben Hawkes Microsoft Internet Explorer 8/13/2013 CVE-2013-3190 and CVE-2013-3191 Memory Corruption Microsoft bulletin
Mateusz Jurczyk Microsoft Windows 8/13/2013 CVE-2013-3196, CVE-2013-3197, CVE-2013-3198 Memory Corruption Microsoft bulletin
Ivan Fratric Microsoft Internet Explorer 7/27/2013 MSFT IE11 bug bounty Memory Corruption Microsoft bulletin
Fermin J. Serna Microsoft Internet Explorer 7/26/2013 MSFT IE11 bug bounty Memory Corruption Microsoft bulletin
Mateusz Jurczyk Microsoft Windows 7/9/2013 CVE-2013-3172 Memory Corruption Microsoft bulletin
Mateusz Jurczyk, Gynvael Coldwind and Fermin Serna Adobe Flash Player 7/9/2013 CVE-2013-3344, CVE-2013-3345 Memory Corruption Adobe bulletin
Ivan Fratric and Ben Hawkes Microsoft Internet Explorer 7/9/2013 CVE-2013-3115, CVE-2013-3161, CVE-2013-3162 Memory Corruption Microsoft bulletin
Abhishek Arya Mozilla Firefox 6/25/2013 CVE-2013-1684, CVE-2013-1685, CVE-2013-1686 Memory Corruption Mozilla advisory
Mateusz Jurczyk and Ben Hawkes Adobe Flash 6/11/2013 CVE-2013-3343 Memory Corruption Adobe bulletin
Ivan Fratric and Ben Hawkes Microsoft Internet Explorer 6/11/2013 CVE-2013-3113, CVE-2013-3114, CVE-2013-3116 and CVE-2013-3117 Memory Corruption Microsoft bulletin
Andrew Lyons and Neel Mehta Microsoft Office 6/11/2013 CVE-2013-1331 Buffer Overflow Microsoft bulletin
Mateusz "j00ru" Jurczyk Microsoft Windows 6/11/2013 CVE-2013-3136 Information Disclosure Microsoft bulletin
Fermin J. Serna, Abhishek Arya Apple Safari 6/4/2013 CVE-2013-1000, CVE-2013-0993, CVE-2013-0995, CVE-2013-0996, CVE-2013-1003, CVE-2013-1007, CVE-2013-1011, CVE-2013-1023 Memory Corruption Apple advisory
Felix Gröbert, Ivan Fratric PHP 5/20/2013 CVE-2013-2110 Memory Corruption PHP advisory
Abhishek Arya Apple Safari 5/16/2013 CVE-2013-0948, CVE-2013-0949, many Memory Corruption Apple advisory
Mateusz Jurczyk and Ben Hawkes Adobe Flash 5/14/2013 CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332 Memory Corruption Adobe bulletin
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 5/14/2013 CVE-2013-3333, CVE-2013-3334, CVE-2013-3335 Memory Corruption Adobe bulletin
Tavis Ormandy Adobe Reader and Acrobat 5/14/2013 CVE-2013-2718, CVE-2013-3337 Memory Corruption Adobe bulletin
Mateusz Jurczyk and Gynvael Coldwind Adobe Reader and Acrobat 5/14/2013 CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341 Memory Corruption Adobe bulletin
Ivan Fratric Microsoft Internet Explorer 5/14/2013 CVE-2013-1307 Use After Free Microsoft bulletin
Mateusz "j00ru" Jurczyk and Gynvael Coldwind Microsoft Windows 5/14/2013 CVE-2013-1332 Double Fetch Vulnerability Microsoft bulletin
Abhishek Arya Mozilla Firefox 5/14/2013 CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681 Memory Corruption Mozilla advisory
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 4/9/2013 CVE-2013-1378, CVE-2013-1379, CVE-2013-1380 Memory Corruption Adobe bulletin
Ivan Fratric and Ben Hawkes Microsoft Internet Explorer 4/9/2013 CVE-2013-1303 and CVE-2013-1304 Use After Free Microsoft bulletin
Andrew Lyons & Drew Hintz Microsoft Office 4/9/2013 CVE-2013-1289 XSS leading to privilege escalation Microsoft bulletin
Mateusz "j00ru" Jurczyk and Gynvael Coldwind Microsoft Windows 4/9/2013 CVE-2013-1283, CVE-2013-1292 and CVE-2013-1293 Race Condition Vulnerabilities and NULL Pointer Dereference Vulnerability Microsoft bulletin
Mateusz "j00ru" Jurczyk and Gynvael Coldwind Microsoft Windows 4/9/2013 CVE-2013-1284 and CVE-2013-1294 Race Condition Microsoft bulletin
Abhishek Arya Apple Safari 3/14/2013 CVE-2013-0948, CVE-2013-0949, many Memory Corruption Apple advisory
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 3/12/2013 CVE-2013-1371, CVE-2013-1375 Memory Corruption Adobe bulletin
Felix Groebert BitDefender Antivirus 3/11/2013 many bugs reported and fixed in signature 9264365 / version 7.46034 Memory Corruption
Felix Groebert ClamAV Antivirus 3/11/2013 CVE-2013-2020, CVE-2013-2021 Memory Corruption ClamAV release note
Abhishek Arya Mozilla Firefox 2/19/2013 CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782 Memory Corruption Mozilla advisory
Niels Heinen Apache 2/18/2013 CVE-2012-3499 CVE-2012-4558 Multiple XSS vulnerabilities Apache advisory
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 2/12/2013 CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374 Memory Corruption Adobe bulletin
Mateusz "j00ru" Jurczyk and Gynvael Coldwind Microsoft Windows 2/12/2013 CVE-2013-1278 and CVE-2013-1279 Race Condition Microsoft bulletin
Mateusz "j00ru" Jurczyk and Gynvael Coldwind Microsoft Windows 2/12/2013 Multiple vulenrabilities (30) Race Condition Microsoft bulletin
Felix Groebert, Mateusz Jurczyk, Gynvael Coldwind ClamAV Antivirus 2/5/2013 multiple bugs reported Memory Corruption ClamAV release note
Gynvael Coldwind, Felix Groebert, Mateusz Jurczyk ESET NOD32 1/29/2013 5 bugs reported, announced on ESET updates 7945, 7950, 7977, and 8007 Memory Corruption ESET updates
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 1/8/2013 CVE-2013-0630 Memory Corruption Adobe bulletin
Mateusz Jurczyk and Gynvael Coldwind Adobe Reader and Acrobat 1/8/2013 CVE-2013-0601, CVE-2013-0602, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621 Memory Corruption Adobe bulletin
Abhishek Arya Mozilla Firefox 1/8/2013 CVE-2013-0760, CVE-2013-0762, many Memory Corruption Mozilla advisory
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 12/11/2012 CVE-2012-5676 Memory Corruption Adobe bulletin
Tavis Ormandy Adobe Flash 12/11/2012 CVE-2012-5678 Memory Corruption Adobe bulletin
Fermin J. Serna Microsoft Internet Explorer 12/11/2012 CVE-2012-4787 Use After Free Microsoft bulletin
Abhishek Arya Mozilla Firefox 11/20/2012 CVE-2012-4214, CVE-2012-4215, many Memory Corruption Mozilla advisory
Felix Groebert System Center 2012 Endpoint Protection for Mac 11/19/2012 1 reported bug and fixed in signature update 7853 Memory Corruption
Mateusz "j00ru" Jurczyk Microsoft Windows 11/13/2012 CVE-2012-2553 Use After Free Microsoft bulletin
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 11/6/2012 CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5279, CVE-2012-5280 Memory Corruption Adobe bulletin
Eduardo Vela Nava Adobe Flash 11/6/2012 CVE-2012-5278 Security Bypass Adobe bulletin
Mateusz Jurczyk FreeType2 10/24/2012 CVE-2012-5668, CVE-2012-5669, CVE-2012-5670 Memory Corruption
Abhishek Arya Mozilla Firefox 10/9/2012 CVE-2012-3995, CVE-2012-4179, many Memory Corruption Mozilla advisory
Drew Hintz and Andrew Lyons Microsoft Office, Communications Platforms, Server software, and Office Web Apps 10/9/2012 CVE-2012-2520 HTML Sanitization Vulnerability Microsoft bulletin
Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna Adobe Flash 10/8/2012 Multiple vulenrabilities (28) Memory Corruption Adobe bulletin
Niels Heinen opencryptoki 9/27/2012 CVE-2012-4454, CVE-2012-4455 Local privilege escalation CVE
Thai Duong Chrome, Firefox 9/21/2012 CVE-2012-4929 TLS Compression Information Leak CVE
Abhishek Arya Mozilla Firefox 8/28/2012 CVE-2012-1972, CVE-2012-1973, many Memory Corruption Mozilla advisory
Cris Neckar Microsoft Internet Explorer 8/15/2012 CVE-2012-2523 Memory Corruption Microsoft bulletin
Billy Rios Tridium Niagara 8/15/2012 CVE-2012-3024 Authentication Bypass US-CERT
Billy Rios Tridium Niagara 8/15/2012 CVE-2012-3025 Plaintext Credential Storage US-CERT
Billy Rios Tridium Niagara 8/15/2012 CVE-2012-4027 Privilege Escalation US-CERT
Billy Rios Tridium Niagara 8/15/2012 CVE-2012-4028 Weak Credential Storage US-CERT
Mateusz Jurczyk, Gynvael Coldwind Adobe Reader 8/14/2012 CVE-2012-4149, CVE-2012-4160 Memory Corruption Adobe bulletin
Mateusz "j00ru" Jurczyk Adobe Reader and Acrobat 8/14/2012 CVE-2012-2051 Memory Corruption Adobe bulletin
Mateusz Jurczyk and Gynvael Coldwind Adobe Reader and Acrobat 8/14/2012 CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160 Memory Corruption Adobe bulletin
Cris Neckar Microsoft Internet Explorer 8/14/2012 CVE-2012-2523 Integer Overflow Remote Code Execution Microsoft bulletin
Mateusz "j00ru" Jurczyk Microsoft Windows 8/14/2012 CVE-2012-2527 Use After Free Microsoft bulletin
Andrew Lyons & Drew Hintz Tencent QQ Webmail 8/7/2012 TPSA12-05 Persistent XSS Tencent bulletin
Mateusz Jurczyk, Gynvael Coldwind Google Chrome 8/6/2012 CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863, many more. Memory Corruption Blog
Abhishek Arya, Adam Barth, Cris Neckar, David Levin, Julien Chaffraix, Stephen Chenney, Thomas Sepez Apple Safari 6 (WebKit) 7/25/2012 many Memory Corruption Apple advisory
Abhishek Arya Mozilla Firefox 7/17/2012 CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952 Memory Corruption Mozilla advisory
Mateusz Jurczyk libexif 7/12/2012 CVE-2012-2812, CVE-2012-2813, CVE-2012-2814 Memory Corruption, Information Leak Bugtraq
Google Security Team Microsoft XML Core Services 7/10/2012 CVE-2012-1889 Memory Corruption Microsoft bulletin
Niels Heinen Apache 6/13/2012 CVE-2012-2687 XSS Apache bug tracker
Google Inc Microsoft Internet Explorer 6/12/2012 CVE-2012-1875 Remote Code Execution Microsoft bulletin
Mateusz "j00ru" Jurczyk Microsoft Windows 6/12/2012 CVE-2012-1867 Integer Overflow Microsoft bulletin
Billy Rios Microsoft Windows 6/12/2012 CVE-2007-2219 Remote Code Execution MS bulletin
Tavis Ormandy Adobe Flash 6/8/2012 CVE-2012-2039 NULL Pointer Dereference Vulnerability Adobe bulletin
Abhishek Arya Mozilla Firefox 6/5/2012 CVE-2012-1947, CVE-2012-1940, CVE-2012-1941 Memory Corruption Mozilla advisory
Kees Cook nVidia graphics drivers 5/17/2012 CVE-2012-0951, CVE-2012-0952, CVE-2012-0953 Privilege Escalation Bug tracker
Andrew Lyons & Drew Hintz Microsoft Hotmail 5/1/2012 CVE-2012-2520 Persistent XSS MS bulletin
Tavis Ormandy OpenSSL 4/19/2012 CVE-2012-2110 ASN.1 parsing bug in OpenSSL
Billy Rios Siemens WinCC 4/18/2012 CVE-2011-4508 Authentication Bypass US-CERT
Billy Rios Siemens WinCC 4/18/2012 CVE-2011-4509 Weak Credentials US-CERT
Billy Rios Siemens WinCC 4/18/2012 CVE-2011-4510 XSS US-CERT
Billy Rios Siemens WinCC 4/18/2012 CVE-2011-4511 XSS US-CERT
Billy Rios Siemens WinCC 4/18/2012 CVE-2011-4513 Client side attacks via specially crafted files US-CERT
Ken Mixter & Daniel Kurtz Xorg 4/18/2012 CVE-2012-2118 Format string flaw when logging input device names Blog
Niels Heinen Apache (debian) 4/15/2012 CVE-2012-0216 Code execution on specific setups Debian advisory
Mateusz Jurczyk, Gynvael Coldwind FFmpeg, libav 4/14/2012 CVE-2011-3930 up to CVE-2011-3952; many more. Memory Corruption Link
Drew Hintz and Andrew Lyons Microsoft SharePoint Server, Groove Server, SharePoint Foundation, and Office Web Apps 4/9/2012 CVE-2013-1289 HTML Sanitization Vulnerability Microsoft bulletin
Billy Rios Invensys Information Portal 4/2/2012 CVE-2012-0225 XSS US-CERT
Billy Rios Invensys Information Portal 4/2/2012 CVE-2012-0226 SQLi US-CERT
Billy Rios Invensys Information Portal 4/2/2012 CVE-2012-0228 Privilege Escalation US-CERT
Fermin J. Serna Adobe Flash 3/28/2012 CVE-2012-0724, CVE-2012-0725 Memory Corruption Adobe bulletin
Mateusz Jurczyk FreeType2 3/8/2012 CVE-2012-1126 up to CVE-2012-1144 Memory Corruption Link
Abhishek Arya, Adam Klein, Cris Neckar, Dave Levin, Lei Zhang, Jeremy Apthorp, Julien Chaffraix, Lei Zhang Apple Safari 5.1.4, iTunes 10.6 (WebKit) 3/7/2012 many Memory Corruption Apple advisory
Tavis Ormandy Adobe Flash 3/5/2012 CVE-2012-0768 Memory Corruption Adobe bulletin
Kees Cook glibc 3/5/2012 CVE-2012-0864 FORTIFY_SOURCE bypass via format string nargs integer overflow. NOTE: fix vuln only, did not find. Link
Mateusz Jurczyk OpenType Sanitizer 3/2/2012 CVE-2011-3062 Off-by-one Chrome bug tracker
Fermin Serna Adobe Flash 2/23/2012 CVE-2012-0769 Information leak Link
Google Security Team Adobe Flash 2/16/2012 CVE-2012-0767 Universal XSS Adobe bulletin
Mateusz Jurczyk, Gynvael Coldwind FFmpeg 2/16/2012 CVE-2011-3019, CVE-2011-3929, CVE-2011-3934, CVE-2011-3935 to CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944 to CVE-2011-3947, CVE-2011-3949 to CVE-2011-3952, CVE-2012-0853, CVE-2012-0947, CVE-2012-2774 to CVE-2012-2777, CVE-2012-2779, CVE-2012-2782 to CVE-2012-2804, CVE-2013-0861 to CVE-2013-0869, CVE-2013-0872 to CVE-2013-0878, CVE-2013-2276, CVE-2013-2277, CVE-2013-2495, CVE-2013-2496, many more Memory Corruption
Eduardo Vela Adobe Flash 2/15/2012 CVE-2012-0755 Flash Origin Spoofing Adobe bulletin
Billy Rios Invensys HMI Reports 2/8/2012 CVE-2011-4038 XSS US-CERT
Billy Rios Invensys HMI Reports 2/8/2012 CVE-2011-4039 Memory Corruption US-CERT
Ben Hawkes Mozilla Firefox 1/31/2012 CVE-2012-0443 Memory Corruption Mozilla advisory
Meder Kydyraliev Struts2/XWork 1/22/2012 CVE-2011-3923 Remote Code Execution Link
Tavis Ormandy Adobe Reader and Acrobat 1/10/2012 CVE-2011-4370 Memory Corruption Adobe bulletin
Billy Rios Adobe Reader and Acrobat 1/10/2012 CVE-2011-4371 Memory Corruption Adobe bulletin
Neel Mehta Microsoft Windows 1/10/2012 CVE-2012-0004 Remote Code Execution Microsoft bulletin
Ben Laurie OpenSSL 1/4/2012 CVE-2011-4109 Double Free OpenSSL security advisory
Mateusz Jurczyk Microsoft Windows 12/13/2011 CVE-2011-2018 Exception Handler Vulnerability MS bulletin
Michal Zalewski Firefox / Chrome / Safari / Opera/ Internet Explorer 12/6/2011 CVE-2011-4692 CVE-2011-4691 CVE-2011-4690 CVE-2011-4689 CVE-2011-4688 Cache timing attack Link
Billy Rios Apple Safari 11/17/2011 CVE-2010-0045 Remote Code Execution Apple advisory
Billy Rios Apple Safari 11/16/2011 CVE-2010-1778 File Theft Apple advisory
Eduardo Vela Netflix 11/11/2011 Script Inclusion and XSS
Ben Hawkes Adobe Flash 11/10/2011 CVE-2011-2456 Memory Corruption Adobe bulletin
Tavis Ormandy Adobe Flash 11/10/2011 CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2457, CVE-2011-2460 Memory Corruption Adobe bulletin
Felix Groebert Apple FileVault 10/14/2011 CVE-2011-3212 Information Leak
Billy Rios Apple Safari, AppleTV 10/12/2011 CVE-2011-0216 Heap Overflow Apple advisory
Abhishek Arya, Adam Barth, Cris Neckar, Dimitri Glazkov, Dominic Cooney, John Knottenbelt, Kent Tamura, Philip Rogers, Raman Tenneti, Sadrul Habib Chowdhury, SkyLined iTunes 10.5 (WebKit) 10/11/2011 many Memory Corruption Apple advisory
Abhishek Arya, Adam Barth, Cris Neckar, Dimitri Glazkov, Dominic Cooney, Kent Tamura, Philip Rogers, Raman Tenneti, Sadrul Habib Chowdhury, SkyLined Apple Safari 5.1.1 10/11/2011 many Memory Corruption Apple advisory
Ben Hawkes Mozilla Firefox 9/27/2011 CVE-2011-3003 Memory Corruption Mozilla advisory
Ben Hawkes nginx 9/11/2011 CVE-2011-4315 Memory Corruption Link
Ben Hawkes Squid 8/28/2011 CVE-2011-3205 Memory Corruption Link
Eduardo Vela Facebook 8/15/2011 XSS and RPC spoofing Blog
Tavis Ormandy Adobe Flash 8/12/2011 CVE-2011-2424 (one CVE, dozens of bugs) Memory Corruption Blog
Michal Zalewski Microsoft Internet Explorer 8/9/2011 MS11-057 Defense in Depth MS bulletin
Billy Rios Adobe Reader 6/14/2011 CVE-2011-2101 Remote Code Execution Adobe bulletin
Robert Swiecki Microsoft Internet Explorer 6/14/2011 CVE-2011-1246 Universal XSS MS bulletin
Chris Evans libxml 5/27/2011 Integer Problems / Memory Corruption Blog
Niels Heinen Python 5/24/2011 CVE-2011-1521 File Disclosure Python Blog
Eduardo Vela easyXDM 4/14/2011 XSS and RPC spoofing Link
Felix Groebert Apple CoreGraphics and TypeServer 3/23/2011 CVE-2011-0175, CVE-2011-0176, CVE-2011-0202 Code Execution
Chris Evans Chrome, Firefox, Internet Explorer, Opera, Safari 3/9/2011 Information leak Blog
Abhishek Arya, Chris Evans, Emil A Eklund, Michal Zalewski, Mihai Parparita, SkyLined, Yuzo Fujishima iTunes 10.2 3/9/2011 many Memory Corruption Apple advisory
Abhishek Arya, Chris Evans, Emil A Eklund, Erik Wong, Michal Zalewski, Mihai Parparita, SkyLined, Yuzo Fujishima iOS 4.3 3/9/2011 many Memory Corruption Apple advisory
Abhishek Arya, Chris Evans, Emil A Eklund, Michal Zalewski, Mihai Parparita, SkyLined, Yuzo Fujishima Apple Safari 5.0.4 3/9/2011 many Memory Corruption Apple advisory
Chris Evans Foxit PDF Reader 3/5/2011 Arbitrary file write Blog
Billy Rios Adobe Reader 2/8/2011 CVE-2011-0587 XSS Adobe bulletin
Billy Rios Adobe Reader 2/8/2011 CVE-2011-0604 XSS Adobe bulletin
Felix Groebert Ruby on Rails 2/8/2011 CVE-2011-0447 XSRF
Eduardo Vela Oracle Java Applets 2/1/2011 CVE-2010-4466 Java Universal XSS Vulnerability Oracle advisory
Eduardo Vela Marcaria.com 1/12/2011 Authentication Bypass
Michal Zalewski Microsoft Internet Explorer 1/1/2011 CVE-2011-0347 Graphics rendering problem Blog
Michal Zalewski Microsoft Internet Explorer 6, 7, 8 1/1/2011 MS11-018 CVE-2011-0346 Use After Free Blog
Abhishek Arya, Cris Neckar, Rohit Makasana Apple Safari 5.0.3 11/22/2010 many Memory Corruption Apple advisory
Abhishek Arya, Cris Neckar, Rohit Makasana iOS4.2 11/22/2010 many Memory Corruption Apple advisory
Chris Evans Microsoft Internet Explorer 10/21/2010 Cross-origin Infomation Disclosure Blog
Eduardo Vela Mozilla Firefox 10/19/2010 CVE-2010-3178 Cross-site Information Disclosure Mozilla advisory
Michal Zalewski Apple Safari 5 (WebKit) 10/7/2010 CVE-2010-1119 CVE-2010-3811 Use After Free Blog
Billy Rios Adobe Reader 10/5/2010 CVE-2010-3625 Remote Code Execution Adobe bulletin
Michal Zalewski Firefox 3.5, Safari 5 (WebKit) 10/5/2010 CVE-2010-1206 MFSA 2010-45 CVE-2010-3774 MFSA 2010-83 CVE-2010-2454 URL bar spoofing vulnerabilities Blog
Chris Evans Microsoft Internet Explorer 9/29/2010 Universal XSS Blog
Ben Hawkes Linux kernel 9/14/2010 CVE-2010-3301 Local Privilege Escalation Link
Michal Zalewski Mozilla Firefox 3.6 9/7/2010 MFSA 2010-49 CVE-2010-3169 MFSA 2010-64 CVE-2010-3175 Memory Corruption Mozilla advisory
Ben Hawkes Linux kernel 9/7/2010 CVE-2010-3081 Local Privilege Escalation Link
Ben Hawkes Linux kernel 8/20/2010 CVE-2010-2959 Local Privilege Escalation Link
Meder Kydyraliev JBoss Seam 7/28/2010 CVE-2010-1871 Remote Code Execution Blog
Meder Kydyraliev Struts2/XWork 7/9/2010 CVE-2010-1870 Remote Code Execution Link
Robert Swiecki FreeType2 6/5/2010 CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 Memory Corruption Link
Eduardo Vela Apple Safari 4/15/2010 CVE-2010-1394 HTML Serialization Bug Apple advisory
Michal Zalewski Firefox 3.5, Safari 5 (WebKit) 4/15/2010 MFSA 2010-31 CVE-2010-1125 CVE-2010-1422 Strokejacking Blog
Billy Rios Adobe Reader 4/13/2010 CVE-2010-0190 Remote Code Execution Adobe bulletin
Billy Rios Adobe Reader 4/13/2010 CVE-2010-0191 Remote Code Execution Adobe bulletin
Michal Zalewski Microsoft Internet Explorer 6 4/5/2010 MS10-035 CVE-2010-1259 Uninitialized memory corruption vulnerability Microsoft bulletin
Eduardo Vela Microsoft Internet Explorer 2/10/2010 CVE-2010-3243 CSS Serialization Problem Microsoft bulletin
Neel Mehta, Sumit Gwalani, Drew Hintz Microsoft Windows 2/9/2010 CVE-2010-0239, CVE-2010-0240, CVE-2010-0241 Remote Code Execution Microsoft bulletin
Michal Zalewski Apple Safari 5 (WebKit) 2/3/2010 CVE-2010-0544 Universal XSS Blog
Eduardo Vela Microsoft Internet Explorer 1/21/2010 CVE-2009-4074, CVE-2010-1489 Universal XSS Microsoft bulletin
Tavis Ormandy Microsoft Windows 1/21/2010 CVE-2010-0232 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack Blog
Chris Evans Chrome, Firefox, Internet Explorer, Opera, Safari 12/28/2009 Cross-origin Infomation Disclosure Blog
Billy Rios Mozilla Firefox 11/25/2009 CVE-2008-2933 Protocol handling issue Mozilla bug tracker
Tavis Ormandy, Julien Tinnes VMware 10/30/2009 CVE-2009-2267 Guest Privilege Escalation Blog
Michal Zalewski Apple Safari 4 (WebKit) 9/24/2009 CVE-2009-3384 Code Execution
Julien Tinnes, Tavis Ormandy NetBSD and other kernels. 9/16/2009 CVE-2009-2793 Privilege Escalation Link
Drew Hintz Microsoft Silverlight.net 9/1/2009 MSRC 9210 SQL Injection
Tavis Ormandy, Julien Tinnes Linux Kernel 8/28/2009 CVE-2009-2698 Privilege Escalation Blog
Tavis Ormandy, Julien Tinnes Linux Kernel 8/13/2009 CVE-2009-2692 Privilege Escalation Link
Peter Valchev libexpat 8/6/2009 CVE-2009-3720 Memory Corruption, DoS NVD
Chris Evans Apple CoreGraphics 8/5/2009 Memory Corruption Blog
Julien Tinnes, Tavis Ormandy Pulseaudio 7/16/2009 CVE-2009-1894 Privilege Escalation Blog
Tavis Ormandy, Julien Tinnes Microsoft VirtualPC 7/15/2009 CVE-2009-1542 Guest Privilege Escalation Microsoft bulletin
Chris Evans mimetex 7/10/2009 Memory Corruption, Information Disclosure Link
Chris Palmer Android 7/6/2009 CVE-2009-2348 Authorization Bypass oCERT advisory
Julien Tinnes, Tavis Ormandy Linux kernel 6/26/2009 CVE-2009-1895 mmap_min_addr bypass Blog
Chris Evans Apple Safari 6/9/2009 Cross-origin Infomation Disclosure Blog
Chris Evans Apple Safari 6/8/2009 File theft Blog
Michal Zalewski Apple Safari 4 (WebKit) 5/20/2009 CVE-2009-1684 Universal XSS
Chris Evans Java 3/27/2009 Memory Corruption Blog
Chris Evans LittleCMS (lcms) 3/17/2009 Memory Corruption Blog
Chris Evans Linux kernel 2/24/2009 Bypass signal restrictions Blog
Michal Zalewski Microsoft Internet Explorer 2/12/2009 MS09-014 CVE-2009-0551 Memory Corruption MS bulletin
Chris Evans Linux kernel 1/23/2009 Syscall filter bypass Blog
Chris Evans Mozilla Firefox 12/7/2008 Cross-origin Infomation Disclosure Blog
Billy Rios Java 12/5/2008 CVE-2008-5343 GIFAR NVD
Chris Evans Mozilla Firefox 11/17/2008 Cross-origin Infomation Disclosure Blog
Michal Zalewski, Chris Evans Mozilla Firefox 2 11/12/2008 MFSA 2008-48 CVE-2008-5012 Cross-domain Data Disclosure Mozilla advisory
Drew Hintz Apple Mailing Lists 11/3/2008 XSS
Chris Evans Python 10/20/2008 Memory Corruption Blog
Ben Laurie Various OpenID providers 8/8/2008 CVE-2008-3280 Weak SSL keys in OpenID providers Link
Chris Evans libxslt 7/31/2008 Memory Corruption Blog
Michal Zalewski Apple Mac OS X 5/18/2008 CVE-2008-2321 Code Execution
Chris Evans Java 3/5/2008 Memory Corruption Blog
Chris Evans Ghostscript 2/27/2008 Memory Corruption Blog
Michal Zalewski Mozilla Firefox 2 2/7/2008 MFSA 2008-02 CVE-2008-0414 Strokejacking Mozilla advisory
Michal Zalewski Mozilla Firefox 2 2/7/2008 MFSA 2008-08 CVE-2008-0591 Trusted UI problem Mozilla advisory
Martin Straka Mozilla Firefox 2/1/2008 CVE-2008-0593 Information Leak Mozilla advisory
Peter Valchev libcairo 11/16/2007 CVE-2007-5503 Memory Corruption NVD
Chris Evans pcre 11/7/2007 Memory Corruption Link
Michal Zalewski Apple Mac OS X 11/6/2007 CVE-2007-5854 XSS
Billy Rios Microsoft Windows 10/11/2007 CVE-2007-3896 Remote Code Execution NVD
Billy Rios Java 10/3/2007 CVE-2007-5232 DNS Rebinding NVD
Michal Zalewski Apple Safari 3 (WebKit) 7/12/2007 CVE-2007-3758 CVE-2007-3760 CVE-2007-3756 Universal XSS
Billy Rios Mozilla Firefox 7/10/2007 CVE-2007-3670 Protocol handling issue NVD
Martin Straka Java 2 Platform, Standard Edition 6/1/2007 Security Sun Alert 201348 XSS Oracle advisory
Chris Evans Java 5/15/2007 Memory Corruption Link
Robert Swiecki Linux kernel 3/27/2007 CVE-2007-1734 Kernel memory disclosure Security Focus
Chris Evans OpenBSD kernel 10/7/2006 Memory Corruption Link
Tavis Ormandy gzip 8/28/2006 CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 Memory Corruption Link
Tavis Ormandy libtiff 6/16/2006 CVE-2006-3460, CVE-2006-3461, CVE-2006-3462 Memory Corruption Link
Chris Evans libgif 11/6/2005 Memory Corruption Link