The Internet Program Statistics

32 total issues disclosed

$124,000 total paid publicly

Most disclosed (10 disclosures) — None supplied

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| CVE-2020-9383 Floppy OOB read | Buffer Over-read | jordyzomer | High | 2021-08-22 |
| IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136 | Improper Access Control - Generic | yannayl | Medium | 2021-08-15 |
| [CVE-2020-27194] Linux kernel: eBPF verifier bug in `or` binary operation tracking function leads to LPE | Privilege Escalation | simonscannell | High | 2021-07-23 |
| Uncovering file quarantine and UX security issues in macOS apps ( .terminal, .fileloc and .url) | Violation of Secure Design Principles | metnew | No rating | 2021-07-23 |
| Canonical Snapcraft vulnerable to remote code execution under certain conditions | None supplied | itszn | Medium | 2021-07-23 |
| Fragmentation and Aggregation Flaws in Wi-Fi | Cryptographic Issues - Generic | vanhoefm | No rating | 2021-07-23 |
| Ubuntu Linux privilege escalation (dirty_sock) | Privilege Escalation | initstring | High | 2019-08-28 |
| Cross-site information assertion leak via Content Security Policy | Information Disclosure | zemnmez | No rating | 2018-09-05 |
| ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers | Privilege Escalation | fransrosen | Critical | 2018-05-19 |
| Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools) | None supplied | pwnsdx | No rating | 2017-12-12 |
| Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse | Reusing a Nonce, Key Pair in Encryption | vanhoefm | Medium | 2017-11-03 |
| RCE via ssh:// URIs in multiple VCS | OS Command Injection | joernchen | High | 2017-09-21 |
| Race Conditions in OAuth 2 API implementations | Improper Authentication - Generic | dor1s | Medium | 2017-09-19 |
| ntpd: read_mru_list() does inadequate incoming packet checks | Denial of Service | magnusstubman | Low | 2017-07-12 |
| Mercurial can be tricked into granting authorized users access to the Python debugger | Code Injection | claudijd | High | 2017-07-12 |
| Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714) | None supplied | stewie | No rating | 2016-05-03 |
| libcurl duphandle read out of bounds | None supplied | sparaschoudis | No rating | 2015-11-05 |
| Heap overflow in H. Spencer’s regex library on 32 bit systems | Memory Corruption - Generic | guido | No rating | 2015-04-06 |
| open redirect in rfc6749 | Open Redirect | asanso | No rating | 2015-04-06 |
| Drupal 7 pre auth sql injection and remote code execution | SQL Injection | shorst | No rating | 2015-04-06 |
| FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers | Cryptographic Issues - Generic | prosecco-inria | No rating | 2015-04-01 |
| Bad Write in TTF font parsing (win32k.sys) | Memory Corruption - Generic | dirtybit | No rating | 2015-03-01 |
| libcurl: URL request injection | None supplied | isciurus | No rating | 2015-01-08 |
| rsync hash collisions may allow an attacker to corrupt or modify files | Cryptographic Issues - Generic | mik | No rating | 2014-11-18 |
| TLS Virtual Host Confusion | None supplied | adl | No rating | 2014-11-10 |
| GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability | None supplied | stephane-chazelas | No rating | 2014-10-01 |
| Multiple issues in looking-glass software (aka from web to BGP injections) | Cross-site Scripting (XSS) - Generic | kaeso | No rating | 2014-09-17 |
| LZ4 Core | Memory Corruption - Generic | donb | No rating | 2014-07-25 |
| Bypassing Same Origin Policy With JSONP APIs and Flash | None supplied | molnarg | No rating | 2014-07-19 |
| Uncontrolled Resource Consumption with XMPP-Layer Compression | Denial of Service | gianko | No rating | 2014-04-20 |
| TLS Triple Handshake Attack | None supplied | prosecco-inria | No rating | 2014-03-03 |
| OpenSSH: Memory corruption in AES-GCM support | None supplied | markus | No rating | 2013-11-07 |