This is just a simple location I'm using to keep a running list of vulnerabilities I've discovered or have participated in the discovery of.
I decided to move this to Google Sheets. Too complicated to keep the formatting straight here: https://docs.google.com/spreadsheets/d/1Qj0gpocVWLYarIoYZmT-vCwWmZC6kXZ3DdNV_lPmXcc/edit?usp=sharing
| CVE | Project | Vulnerability | CVSSv3 | Bounty? |
|---|---|---|---|---|
| CVE-2019-9658 | Checkstyle | XXE | 5.3 | |
| CVE-2019-15848 | JB TeamCity | XSS to RCE | 6.1 | |
| CVE-2019-11808 | Ratpack | Insecure RNG | 3.7 | |
| CVE-2019-13449 | Zoom Mac Client | DOS | 6.5 | Yes |
| CVE-2019-13450 | Zoom Mac Client | Webcam Takeover | 6.5 | Yes |
| CVE-2019-10755 | pac4j-saml | Insecure RNG | 4.9 | |
| CVE-2019-10754 | Apereo CAS | Insecure RNG | 8.1 | |
| CVE-2019-10755 | Apereo CAS | Insecure RNG | 4.9 | |
| CVE-2019-16303 | JHipster | Insecure RNG | 9.8 | $500 |
| CVE-2017-18638 | Grahphite-Web | SSRF to Email | 7.5 |