Vulnerabilities and exposures


The following summarizes most of the vulnerabilities and software exposures found and reported by Hector Marco-Gisbert and Ismael Ripoll.

Published CVEs

| Date | CVE # | Product | Description | Vulnerability type |
|------|-------|---------|-------------|--------------------|
| 2015 | CVE-2019-9019 | To be disclosed British Airways Entertainment System | Chat App. Crash | To be disclosed |
| 2016 | CVE-2016-4484 | cryptsetup <= 2:1.7.3-2 | Initrd root Shell | Not failing securely |
| 2016 | CVE-2016-3672 | Linux <= 4.5 | Disable ASLR | ASLR Weakness |
| 2015 | CVE-2015-8370 | Grub2 <= 2.02 | Authentication Bypass | Integer Underflow |
| 2015 | CVE (pending) | Glibc <= 2.22.90 | Bypass Pointer guard | Dynamic loader weakness |
| 2015 | CVE (pending) | Linux ASLR <= 4.0 | AMD Linux ASLR weakness | Improper alignment |
| 2015 | CVE (pending) | Linux ASLR <= 3.18 | Reduced mmap entropy | Improper mask manipulation |
| 2015 | CVE-2015-1593 | Linux ASLR <= 3.19 | Reduced stack entropy | Integer overflow |
| 2015 | CVE-2015-1574 | Google Email 4.2.2 | Denial of Service | Incorrect headers handling |
| 2015 | CVE (pending) | Android | To be disclosed | To be disclosed |
| 2014 | CVE-2014-5439 | sniffit <= 0.3.7 | Root shell | Stack buffer overflow |
| 2014 | CVE-2013-6825 | DCMTK <= 3.6.1 | Root Privilege escalation | Drop privileges failed |
| 2014 | CVE-2014-1226 | s3dvt <= 0.2.2 | Root shell (II) | Drop privileges failed |
| 2013 | CVE-2013-6876 | s3dvt <= 0.2.2 | Root shell (I) | Drop privileges failed |
| 2013 | CVE-2013-4788 | Glibc <= 2.17 | Bypass pointer guard | No pointer protection |





Hector Marco - http://hmarco.org