Mitarbeiter des Lehrstuhls haben zahlreiche Schwachstellen gemeldet und bei der Behebung der Fehler geholfen.
2024
- Network Security, PuTTY NIST-P521 Secret Key Recovery: CVE-2024-31497
2023
- Network Security, Terrapin Attack: CVE-2023-48795
- Network Security, AsyncSSH Extension Downgrade Attack: CVE-2023-46445
- Network Security, AsyncSSH Rogue Session Attack: CVE-2023-46446
- Email Security, Mismatching Signature and Message Date: CVE-2023-50761
- Email Security, Signature Spoof Based on Signed GitHub Commit: CVE-2023-50762
2022
- Network Security, DEMONS Angriff: CVE-2020-6557
- PDF Security, Incremental Saving Attack: CVE-2022-25641
2021
- Document Security, LibreOffice Content Spoofing and Code Execution: CVE-2021-25633, CVE-2021-25636
- Document Security, LibreOffice XSW on Signature Timestamp: CVE-2021-25634
- Document Security, LibreOffice Content Spoofing: CVE-2021-25635
- Document Security, OpenOffice Content Spoofing and Code Execution: CVE-2021-41830
- Document Security, OpenOffice XSW on Signature Timestamp: CVE-2021-41831
- Document Security, OpenOffice Content Spoofing: CVE-2021-41832
- PDF Security, New Shadow Attack Variant: CVE-2021-40326
- PDF Security, Evil Annotation Attacks: CVE-2021-28545
- PDF Security, Sneaky Signature Attacks: CVE-2021-28546
- ALPACA, TLS Cross Protocol Attacks: CVE-2021-31971
2020
- PDF Security, Evil Annotation Attacks: CVE-2020-35931
- LibreOffice URL Invocation, File Write Access and Code Execution: CVE-2020-12802, CVE-2020-12803
- PDF Security, Arbitrary JavaScript Execution: CVE-2020-24432
- PDF Security, Shadow Attack: CVE-2020-9592
- PDF Security, Shadow Attack: CVE-2020-9596
- Email Security, Information Disclosure with mailto: URLs: CVE-2020-4089, CVE-2020-11879, CVE-2020-11880, CVE-2020-27748
- Email Security, Automatic Import of S/MIME Certificates: CVE-2020-12618, CVE-2020-12619
- TLS, Raccoon Attack, Direct Oracle: CVE-2020-5929
- TLS, Raccoon Attack, Timing Side-Channel: CVE-2020-1968, CVE-2020-12413, CVE-2020-1596
2019
- Email Security, More Direct Exfiltration Attacks: CVE-2019-11739, CVE-2019-14664.
- Email Security, Covert Content Decryption Oracles: CVE-2019-10731, CVE-2019-10732, CVE-2019-10733, CVE-2019-10734, CVE-2019-10735, CVE-2019-10736, CVE-2019-10737, CVE-2019-10738, CVE-2019-10739, CVE-2019-10740, CVE-2019-10741
- Email Security, Covert Content Signature Oracles: CVE-2019-10726, CVE-2019-10727, CVE-2019-10728, CVE-2019-10729, CVE-2019-10730
- Email Security, Airmail Signature Verification Failure: CVE-2019-8338
- Email Security, Enigmail PGP Signature Spoofing: CVE-2019-12269
- #PDFex in Adobe (Acrobat) and Apple (macOS): CVE-2019-8237, CVE-2019-8772.
2018
- OpenPGP, Signature Verification Bypass: Simple Password Store CVE-2018-12356, Yarn Package Manager CVE-2018-12556.
- Email Security, MIME-based PGP Signature Spoofing: CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, and CVE-2018-15588.
- Email Security, Enigmail State Confusion: CVE-2018-12019.
- Email Security, GnuPG Status Line Injection: CVE-2018-12020.
- Email Security, CMS eContent Confusion: CVE-2018-18509.
- PDF Security, Universal Signature Forgery: CVE-2018-16042.
- PDF Security, Incremental Saving Attack: CVE-2018-18688.
- PDF Security, Signature Wrapping Attack: CVE-2018-18689.
- Code Execution in Ghostscript: CVE-2018-19409.
- CVE-2018-2768.
- CVE-2018-2768.
- IPsec-Bleichenbacher Cisco: CVE-2018-0131.
- CVE-2018-2768.
- CVE-2018-4111.
- CVE-2018-4221.
- CVE-2018-4227.
- CVE-2018-5162.
- CVE-2018-5184.
- CVE-2018-5185.
- IKEv1 Main Mode Dictionary Attack: CVE-2018-5389.
- CVE-2018-8160.
- RCE in Outlook: CVE-2018-8161.
- CVE-2018-8305.
- IPsec-Bleichenbacher Clavister: CVE-2018-8753.
- IPsec-Bleichenbacher ZyXEL: CVE-2018-9129.
- CVE-2018-12372.
- CVE-2018-12373.
2017
2015
2014
- OpenID: CVE-2014-1475.
- OpenID: CVE-2014-2048.
- OpenStack: CVE-2014-3594.
- OpenID: CVE-2014-8249.
- OpenID: CVE-2014-8250.
- OpenID: CVE-2014-8251.
- OpenID: CVE-2014-8252.
- OpenID: CVE-2014-8253.
- OpenID: CVE-2014-8254.
- OpenID: CVE-2014-8265.
- CVE-2014-8411.
- Eucalyptus: CVE-2014-5039.
- OpenID: Drupal.
- OpenID: Owncloud.
- OpenID: Slashdot.
- OpenID: OXIDForge.
- OpenID: JOID.
- SAML SP: Zendesk.
- SAML SP: Canvas.
- SAML SP: Clarizen.
- SAML SP: OneLogin.
- SAML SP: Panorama9.
- SAML SP: Instructure.
- SAML SP: VU 190556
- SAML SP: VRF HXR9YUNY
- SAML SP: VRF HXRAH4O0
- SAML SP: VU 774084
- SAML SP: VRF HXRAND04