List of CVEs
research induced Common Vulnerabilities and Exposure (CVE) excerpt
The following is an incomplete list of CVEs assigned during my research.
2022
- PSIRTPSIRT-14270: (PDF) Execute High Privileged JavaScript Code in a Certified Document2022
- CVECVE-2022-25641: (PDF) Incremental Saving Attack / Shadow AttackCVSS: 4.4 (Medium), 2022
2021
- CVECVE-2021-28545: (PDF) Evil Annotation AttackCVSS: 8.1 (High), 2021
- CVECVE-2021-25636: (ODF) Content Spoofing and Code ExecutionCVSS: 7.5 (High), 2021
- CVECVE-2021-28546: (PDF) Sneaky Signature AttackCVSS: 6.5 (Medium), 2021
- CVECVE-2021-25635: (ODF) Content SpoofingCVSS: 7.5 (High), 2021
- CVECVE-2021-25634: (ODF) Timestamp Manipulation with Signature WrappingCVSS: 7.5 (High), 2021
- CVECVE-2021-25633: (ODF) Content Spoofing and Code ExecutionCVSS: 7.5 (High), 2021
- CVECVE-2021-41831: (ODF) XSW on Signature TimestampCVSS: 5.3 (Medium), 2021
- CVECVE-2021-41830: (ODF) Content Spoofing and Code ExecutionCVSS: 7.5 (High), 2021
- CVECVE-2021-40326: (PDF) New Shadow Attack VariantCVSS: 5.5 (Medium), 2021
- CVECVE-2021-41832: (ODF) Content SpoofingCVSS: 7.5 (High), 2021
2020
- CVECVE-2020-9596: (PDF) Shadow AttackCVSS: 7.8 (High), 2020
- CVECVE-2020-24432 (PDF) Arbitrary JavaScript ExecutionCVSS: 7.8 (High), 2020
- CVECVE-2020-9592: (PDF) Shadow AttackCVSS: 7.8 (High), 2020
- CVECVE-2020-35931: (PDF) Evil Annotation AttackCVSS: 7.8 (High), 2020
2018
- CVECVE-2018-18689: (PDF) Signature Wrapping Attack2018
- CVECVE-2018-18688: (PDF) Incremental Saving Attack2018
- CVECVE-2018-16042: (PDF) Universal Signature Forgery2018
2015
- Nimbus(OpenID Connect) Nimbus OAuth 2.0 SDK with OpenID Connect Extensions | Connect2idIn , 2015
- Pyoidc(OpenID Connect) Pyoidc.In , 2015
2014
- CVECVE-2014-8249: (OpenID) Identity Spoofing2014
- CVECVE-2014-2048: (OpenID) Identity Spoofing in ownCloud2014
- CVECVE-2014-8251: (OpenID) Identity Spoofing2014
- CVECVE-2014-8250: (OpenID) Identity Spoofing2014
- CVECVE-2014-8253: (OpenID) Identity Spoofing2014
- CVECVE-2014-8252: (OpenID) Identity Spoofing2014
- CVECVE-2014-8411: (XML) XE DoS in OpenNebula2014
- CVECVE-2014-8265: (OpenID) Identity Spoofing2014
- CVECVE-2014-8254: (OpenID) Identity Spoofing2014
- CVECVE-2014-1475: (OpenID) Identity Spoofing in Drupal2014
- Slashdot(OpenID) Security Report: Thanks to Christian Mainka and Vladislav Mladenov - SlashdotIn , Jul 2014