Vulnerability Disclosures

Ledger vulnerability disclosure https://wizardsardine.com/blog/ledger-vulnerability-disclosure/ 22 comments 11/5/2023 cryptocurrency

WebUSB Vulnerabilities, actions of YubiCo, and disclosure madness https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html 32 comments 17/6/2018 netsec

Stagefright Vulnerability Disclosure http://translate.wooyun.io/2015/08/08/stagefright-vulnerability-disclosure.html 2 comments 7/8/2015 netsec

A Call for Better Coordinated Vulnerability Disclosure http://blogs.technet.com/b/msrc/archive/2015/01/11/a-call-for-better-coordinated-vulnerability-disclosure.aspx 20 comments 12/1/2015 netsec

Missouri governor criticized for confusing vulnerability disclosure with https://portswigger.net/daily-swig/missouri-governor-criticized-for-confusing-vulnerability-disclosure-with-criminal-hacking 181 comments 15/10/2021 programming

DHS Wants Every Agency to Have a Vulnerability Disclosure Program https://www.defenseone.com/technology/2019/11/dhs-wants-every-agency-have-vulnerability-disclosure-program/161593/ 5 comments 29/11/2019 politics

Why is Core so worried about public disclosure of the CVE-2018-17144 vulnerability? Because when a bug was disclosed in competing client Bitcoin XT back in 2015, they exploited it. https://www.reddit.com/r/bitcoinxt/comments/3iumsr/udp_flood_ddos_attacks_against_xt_nodes/ 47 comments 21/9/2018 btc

Critical vulnerability in Monocypher (full disclosure) https://monocypher.org/quality-assurance/disclosures 34 comments 25/6/2018 crypto

When a vulnerability disclosure doesn't go how you expect. https://projectblack.io/blog/a-tale-of-2-vulnerability-disclosures/ 56 comments 7/11/2023 netsec

Security.txt: a proposal for publishing channels for vulnerability disclosure https://securitytxt.org/ 25 comments 13/2/2019 netsec

Security Researcher Assaulted Following Vulnerability Disclosure https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ 51 comments 6/2/2019 programming

Security Researcher Assaulted Following Vulnerability Disclosure https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ 6 comments 5/2/2019 technology

Augur REP Token Critical Vulnerability Disclosure – Zeppelin Solutions https://blog.zeppelin.solutions/augur-rep-token-critical-vulnerability-disclosure-3d8bdffd79d2 19 comments 28/7/2017 ethereum

WordPress and Drupal Core Denial Of Service Vulnerability Responsible disclosure http://www.breaksec.com/?page_id=6002 17 comments 6/8/2014 netsec

WordPress and Drupal Core Denial Of Service Vulnerability Full Disclosure http://www.breaksec.com/?p=6362 4 comments 6/8/2014 netsec

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program https://habr.com/post/579714/ 75 comments 23/9/2021 apple

Vulnerability disclosure – Cisco Meeting Server (CMS) arbitrary TCP relaying https://www.immunit.ch/blog/2018/05/31/vulnerability-disclosure-cisco-meeting-server-arbitrary-tcp-relaying/ 5 comments 13/6/2018 netsec

Launching a Public HackerOne Vulnerability Disclosure Program https://www.jamieweb.net/blog/launching-a-public-hackerone-program/ 5 comments 11/5/2018 netsec

Vulnerable Visual Studio Code extensions impact over 2M Developers - timely disclosure https://snyk.io/blog/vulnerable-visual-studio-code-extensions-marketplace/ 12 comments 2/6/2021 javascript

Coordinated disclosure of XML round-trip vulnerabilities in encoding/xml https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/ 12 comments 14/12/2020 golang

Disclosure: Key generation vulnerability found on WalletGenerator.net — potentially malicious. https://medium.com/mycrypto/disclosure-key-generation-vulnerability-found-on-walletgenerator-net-potentially-malicious-3d8936485961 26 comments 24/5/2019 btc

Intel CEO sold millions in stock after company was informed of vulnerability, before disclosure https://www.marketwatch.com/story/intel-ceo-sold-millions-in-stock-after-company-was-informed-of-vulnerability-before-disclosure-2018-01-03 43 comments 4/1/2018 wallstreetbets

Node Security Project - Remote Memory Disclosure (vulnerable: < 1.0.1) https://nodesecurity.io/advisories/67 3 comments 5/1/2016 netsec

Sogeti Researcher Claims He Was Fired Over FireEye MAS Vulnerability Disclosure http://www.csoonline.com/article/2451807/data-protection/fireeye-investigating-recent-vulnerability-disclosures.html#tk.rss_dataprotection 2 comments 8/7/2014 netsec

Public Disclosure of Slack Single-Channel Guest Directory Iteration Vulnerability https://alley.co/news/public-disclosure-of-slack-single-channel-guest-directory-iteration/ 3 comments 8/3/2019 programming

Full Disclosure: Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture http://seclists.org/fulldisclosure/2017/jan/89 17 comments 1/2/2017 netsec

Critical Vulnerability found in Democratic campaign donation platform affecting 3 million users -- Responsible Disclosure http://rajk.me/actblue/#intro 61 comments 17/6/2016 netsec

GM embraces white-hat hackers with public vulnerability disclosure program https://hackerone.com/gm 2 comments 8/1/2016 netsec

Responsible Disclosure of Men's Wearhouse Perfect Fit App Vulnerability Exposing Customer Information http://randywestergren.com/mens-wearhouse-perfect-fit-app-vulnerability-exposing-customer-information/ 16 comments 27/10/2014 netsec

Full disclosure and No disclosure - security research firm won't share vulnerabilities with Microsoft anymore http://www.h-online.com/security/news/item/microsoft-vulnerabilities-full-disclosure-and-no-disclosure-1033551.html 42 comments 6/7/2010 netsec

CVE-2021-1106: NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure (...) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1106 31 comments 20/8/2021 linux

Big Banks Charged Billions in Overdraft Fees During the Worst Months of the Pandemic: Recent financial disclosures show overdraft to be lucrative for commercial banks, and a burden on their most vulnerable customers https://prospect.org/economy/big-banks-charged-billions-in-overdraft-fees-during-pandemic/ 118 comments 27/4/2021 economy

Information disclosure vulnerabilities affecting three of the major web browsers(Firefox, Chrome, Edge) which can be leveraged to determine a vast range of installed applications, including the presence of security products https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers 16 comments 4/12/2020 netsec

Paul Kocher weighs in on Spectre flaws, vulnerability disclosure: "At RSA Conference 2018, Paul Kocher, who co-discovered the Spectre flaws, discussed the chip vulnerabilities and explained why disclosure and mitigation efforts were so troubled." https://searchsecurity.techtarget.com/news/252439395/paul-kocher-weighs-in-on-spectre-flaws-vulnerability-disclosure 5 comments 23/4/2018 programming

Disclosure of Infineon RSA vulnerability (ROCA). Tester for vuln. keys. TPM, Bitlocker, eID, GitHub SSH, PGP... impacted https://roca.crocs.fi.muni.cz 5 comments 16/10/2017 netsec

EFF Sues NSA for Zero Day Disclosure Process - "A zero day is a previously unknown security vulnerability in software or online services that a researcher has discovered, but the developers have not yet had a chance to patch. A thriving market has emerged for these zero days" https://www.eff.org/press/releases/eff-sues-nsa-director-national-intelligence-zero-day-disclosure-process 7 comments 3/7/2014 technology