List of CVEs

Research-induced Common Vulnerabilities and Exposures (CVE) excerpt

The following is an incomplete list of CVEs assigned during my research.

2022

  1. PSIRT
    PSIRT-14270: (PDF) Execute High Privileged JavaScript Code in a Certified Document
    2022
  2. CVE
    CVE-2022-25641: (PDF) Incremental Saving Attack / Shadow Attack
    CVSS: 4.4 (Medium), 2022

2021

  1. CVE
    CVE-2021-28545: (PDF) Evil Annotation Attack
    CVSS: 8.1 (High), 2021
  2. CVE
    CVE-2021-25636: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), 2021
  3. CVE
    CVE-2021-28546: (PDF) Sneaky Signature Attack
    CVSS: 6.5 (Medium), 2021
  4. CVE
    CVE-2021-25635: (ODF) Content Spoofing
    CVSS: 7.5 (High), 2021
  5. CVE
    CVE-2021-25634: (ODF) Timestamp Manipulation with Signature Wrapping
    CVSS: 7.5 (High), 2021
  6. CVE
    CVE-2021-25633: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), 2021
  7. CVE
    CVE-2021-41831: (ODF) XSW on Signature Timestamp
    CVSS: 5.3 (Medium), 2021
  8. CVE
    CVE-2021-41830: (ODF) Content Spoofing and Code Execution
    CVSS: 7.5 (High), 2021
  9. CVE
    CVE-2021-40326: (PDF) New Shadow Attack Variant
    CVSS: 5.5 (Medium), 2021
  10. CVE
    CVE-2021-41832: (ODF) Content Spoofing
    CVSS: 7.5 (High), 2021

2020

  1. CVE
    CVE-2020-9596: (PDF) Shadow Attack
    CVSS: 7.8 (High), 2020
  2. CVE
    CVE-2020-24432: (PDF) Arbitrary JavaScript Execution
    CVSS: 7.8 (High), 2020
  3. CVE
    CVE-2020-9592: (PDF) Shadow Attack
    CVSS: 7.8 (High), 2020
  4. CVE
    CVE-2020-35931: (PDF) Evil Annotation Attack
    CVSS: 7.8 (High), 2020

2018

  1. CVE
    CVE-2018-18689: (PDF) Signature Wrapping Attack
    2018
  2. CVE
    CVE-2018-18688: (PDF) Incremental Saving Attack
    2018
  3. CVE
    CVE-2018-16042: (PDF) Universal Signature Forgery
    2018

2015

  1. Nimbus
    (OpenID Connect) Nimbus OAuth 2.0 SDK with OpenID Connect Extensions | Connect2id
    2015
  2. Pyoidc
    (OpenID Connect) Pyoidc
    2015

2014

  1. CVE
    CVE-2014-8249: (OpenID) Identity Spoofing
    2014
  2. CVE
    CVE-2014-2048: (OpenID) Identity Spoofing in ownCloud
    2014
  3. CVE
    CVE-2014-8251: (OpenID) Identity Spoofing
    2014
  4. CVE
    CVE-2014-8250: (OpenID) Identity Spoofing
    2014
  5. CVE
    CVE-2014-8253: (OpenID) Identity Spoofing
    2014
  6. CVE
    CVE-2014-8252: (OpenID) Identity Spoofing
    2014
  7. CVE
    CVE-2014-8411: (XML) XE DoS in OpenNebula
    2014
  8. CVE
    CVE-2014-8265: (OpenID) Identity Spoofing
    2014
  9. CVE
    CVE-2014-8254: (OpenID) Identity Spoofing
    2014
  10. CVE
    CVE-2014-1475: (OpenID) Identity Spoofing in Drupal
    2014
  11. Slashdot
    (OpenID) Security Report: Thanks to Christian Mainka and Vladislav Mladenov - Slashdot
    Jul 2014