Author: Tavis Ormandy

Country: us

Reported research: 46

Advisories

Risk	Topic & Details
Med.	Evernote Web Clipper Same-Origin Policy Bypass Remote \| 2022-12-06
High	123elf Project Buffer Overflow Local \| 2022-09-06
High	Mutt mutt_decode_uuencoded() Memory Disclosure (CVE assigned) Remote \| 2022-07-11
Low	Fedora / Gnome fscaps Issue Local \| 2021-06-24
Med.	Glibc Character Conversion Assertion Remote \| 2021-01-29
High	SecureCRT Memory Corruption (CVE assigned) Remote \| 2020-05-17
Med.	systemd-machined Incorrect Reference Decrement Local \| 2020-02-08
High	LastPass Credential Leak From Previous Site Local \| 2019-09-16
High	NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash Remote \| 2019-03-21
High	Razer Cortex Debugger Remote Command Execution Remote \| 2018-12-18
High	Ghostscript 1Policy Dangerous Access To Operator (CVE assigned) Remote \| 2018-10-19
Med.	Ghostscript Exposed System Operators (CVE assigned) Local \| 2018-10-11
Med.	Ghostscript Failed Restore Command Execution Remote \| 2018-09-07
Med.	FromDocToPdf Browser History Disclosure Local \| 2018-04-18
Low	Video Downloader Universal Cross Site Scripting Remote \| 2018-04-07
High	Blizzard Update Agent JSON RPC DNS Rebinding Remote \| 2018-01-24
High	Cisco WebEx Sanitization bypasses permit Arbitrary Remote Command Execution Remote \| 2017-07-18
High	TrendMicro node.js HTTP server listening on localhost can execute commands Remote \| 2016-01-12
High	Avast stack buffer overflow, strncpy length discarded Local \| 2015-12-15
Med.	Kaspersky Antivirus incorrect %PROGRAMDATA% ACL Local \| 2015-11-17
High	Kaspersky Antivirus Certificate handling path traversal Remote \| 2015-11-17
High	Avast Antivirus X.509 Error Rendering Command Execution Remote \| 2015-10-02
High	ESET Remote Comand Execution Vulnerability Remote \| 2015-06-24
High	Fuse Local Privilege Escalation (CVE assigned) Local \| 2015-05-23
High	Ubuntu usb-creator 0.2.x - Local Root Privilege Escalation Local \| 2015-04-23
High	Apport/Abrt Local Root Exploit (CVE assigned) Local \| 2015-04-14
Med.	Fedora abrt Race Condition Exploit (CVE assigned) Local \| 2015-04-14
High	Windows 8 Touch Injection API doesn\'t handle memory pressure PoC Local \| 2014-05-25
High	Windows 8 Touch Injection API doesn\'t handle memory pressure Local \| 2014-05-25
Low	bzip2 1.0.5 local users execute arbitrary code (CVE assigned) Local \| 2014-04-18

Author: Tavis Ormandy

Country: us

Reported research: 46

Advisories

Med.

Remote | 2022-12-06

High

Local | 2022-09-06

High

Mutt mutt_decode_uuencoded() Memory Disclosure (CVE assigned)

Remote | 2022-07-11

Low

Local | 2021-06-24

Med.

Remote | 2021-01-29

High

SecureCRT Memory Corruption (CVE assigned)

Remote | 2020-05-17

Med.

Local | 2020-02-08

High

Local | 2019-09-16

High

Remote | 2019-03-21

High

Remote | 2018-12-18

High

Ghostscript 1Policy Dangerous Access To Operator (CVE assigned)

Remote | 2018-10-19

Med.

Ghostscript Exposed System Operators (CVE assigned)

Local | 2018-10-11

Med.

Remote | 2018-09-07

Med.

Local | 2018-04-18

Low

Remote | 2018-04-07

High

Remote | 2018-01-24

High

Remote | 2017-07-18

High

Remote | 2016-01-12

High

Local | 2015-12-15

Med.

Local | 2015-11-17

High

Remote | 2015-11-17

High

Remote | 2015-10-02

High

Remote | 2015-06-24

High

Fuse Local Privilege Escalation (CVE assigned)

Local | 2015-05-23

High

Local | 2015-04-23

High

Apport/Abrt Local Root Exploit (CVE assigned)

Local | 2015-04-14

Med.

Fedora abrt Race Condition Exploit (CVE assigned)

Local | 2015-04-14

High

Local | 2014-05-25

High

Local | 2014-05-25

Low

bzip2 1.0.5 local users execute arbitrary code (CVE assigned)

Local | 2014-04-18