Trophy list of zero-day vulnerabilities discovered
- SimpleNetwork TCP Server Global Buffer Overflow (CVE-2023-52729)
- Libforth v4.0 Out of bounds read in static void check_is_asciiz(jmp_buf *on_error, char *s, forth_cell_t end) at libforth/libforth.c, line 1436 (CVE-2024-30898)
- Libforth v4.0 Out of bounds read in static void print_stack(forth_t *o, FILE *out, forth_cell_t *S, forth_cell_t f) at libforth.c, line 1481 (CVE-2024-30899)
- Libforth v4.0 Stack-based buffer overflow in static int print_cell(forth_t *o, FILE *out, forth_cell_t u) at libforth.c, line 1367 (CVE-2024-30900)
- Libforth v4.0 Out of bounds read in static int match(forth_cell_t *m, forth_cell_t pwd, const char *s) at libforth.c, line 1306 (CVE-2024-30901)
- Libforth v4.0 Out of bounds write in static forth_cell_t compile(forth_t *o, forth_cell_t code, const char *str, forth_cell_t compiling, forth_cell_t hide) at libforth.c, line 1241 (CVE-2024-30902)
- Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c (CVE-2024-30903)
- Libforth v4.0 Out of bounds read in static int forth_get_char(forth_t *o) at libforth.c (CVE-2024-30907)
- Lambda Calculus Interpreter Stack Buffer Overflow in int execSystemCmd(TERM *t) at run.c, line 224 (CVE-2024-27543)
- Lambda Calculus Interpreter Invalid Pointer Dereference in void termRemoveOper(TERM *t) at termproc.c, line 632 (CVE-2024-27542)
- Lambda Calculus Interpreter Invalid Pointer Dereference in static TERM fix_precedence(TERM op) at parser.c, line 95 (CVE-2024-27540)
- Lambda Calculus Interpreter Invalid Pointer Dereference in TERM* create_bracket(TERM *t) at parser.c, line 162 (CVE-2024-27541)
- Cherry HTTP Server Out-of-bounds read in static const char *get_file_type(const char *extension) at http.c (CVE-2024-24341)
- Lotos HTTP Server Use-after-free in static inline char *buffer_end(const buffer_t *pb) at buffer.h (CVE-2024-24343)
- Pico HTTP Server Null Pointer Dereference in void respond(int slot) at httpd.c (CVE-2024-24340)
- Pico HTTP Server Off-by-one buffer overflow in void respond(int slot) at httpd.c (CVE-2024-24342)
- Cherry HTTP server remote stack buffer overflow vulnerability in handle_request() at http.c (CVE-2024-22086)
- Pico HTTP server remote stack buffer overflow in void route() at main.c (CVE-2024-22087)
- Lotos HTTP server use-after-free in static inline size_t buffer_avail(const buffer_t *pb) at buffer.h (CVE-2024-22088)
- ehttp commit 716ff7a Use-after-free in read_func(void*) at epoll_socket.cpp (CVE-2023-52266)
- ehttp commit 716ff7a Out-of-bounds read in void _log at simple_log.cpp (CVE-2023-52267)
- MicroHTTPServer off-by-one global buffer overflow in _ParseHeader at lib/server.c (CVE-2023-51771)
- MicroHttpServer Remote Buffer Overflow in uint8_t _ReadStaticFiles(HTTPReqMessage *req, HTTPResMessage *res) at lib/middleware.c (CVE-2023-50965)
- Liblisp Out of Bounds Read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c (CVE-2023-48025)
- Liblisp Use-after-free in void hash_destroy(hash_table_t *h) at hash.c (CVE-2023-48024)
- Libboron 2.0.8 Heap buffer overflow in ur_parseBlockI at i_parse_blk.c (CVE-2023-40294)
- Libboron 2.0.8 Heap buffer overflow in ur_strInitUtf8 at string.c (CVE-2023-40295)
- async-sockets-cpp v0.3.1 off-by-one stack buffer overflow in udpsocket.hpp (CVE-2023-40296)
- async-sockets-cpp v0.3.1 stack buffer overflow in tcpsocket.hpp (CVE-2023-38632)
- xHTTP Double Free in close_connection at xhttp.c (CVE-2023-38434)
- Global Buffer Overflow in N-Prolog Version 1.91 (CVE-2022-43343)
- html2xhtml v1.3 Out-Of-Bounds read (CVE-2022-44311)
- PicoC v3.2.2 Heap Overflow in the ExpressionCoerceInteger function in expression.c (CVE-2022-44312)
- PicoC v3.2.2 Heap Overflow in the ExpressionCoerceUnsignedInteger function in expression.c (CVE-2022-44313)
- PicoC v3.2.2 Heap Overflow in the StringStrncpy function in cstdlib/string.c (CVE-2022-44314)
- PicoC v3.2.2 Heap Overflow in the ExpressionAssign function in expression.c (CVE-2022-44315)
- PicoC v3.2.2 Heap Overflow in the LexGetStringConstant function in lex.c (CVE-2022-44316)
- PicoC v3.2.2 Heap Overflow in the StdioOutPutc function in cstdlib/stdio.c (CVE-2022-44317)
- PicoC v3.2.2 Heap Overflow in the StringStrcat function in cstdlib/string.c (CVE-2022-44318)
- PicoC v3.2.2 Heap Overflow in the StdioBasePrintf function in cstdlib/string.c (CVE-2022-44319)
- PicoC v3.2.2 Heap Overflow in the ExpressionCoerceFP function in expression.c (CVE-2022-44320)
- PicoC v3.2.2 Heap Overflow in the LexSkipComment function in lex.c (CVE-2022-44321)
- md2roff Version 1.9 Buffer Overflow (CVE-2022-41220)
- png2webp Version 1.0.4 Out of Bounds Write (CVE-2022-36752)
- SimpleNetwork TCP Server Double Free (CVE-2022-36234)
- md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)
- PicoC Version v3.2.2 Null Pointer Dereference (CVE-2022-34556)
- Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers Open Redirect (ICSA-19-113-01)
- N-Prolog v1.94 Out-of-bounds read in add_data() at data.c
- N-Prolog v1.94 Out-of-bounds read in prove_all() at main.c
- N-Prolog v1.94 Stack exhaustion in deref() at data.c
- N-Prolog v1.94 Null pointer dereference in prove() at main.c
- N-Prolog v1.94 Null pointer dereference in b_consult() at builtin.c
- N-Prolog v1.94 Out-of-bounds read in o_define() at builtin.c
- Shibatch Sample Rate Converter (SSRC) Divide By Zero
- LCI v0.10.5 Null Pointer Dereference
- LCI v0.10.5 Out of Bounds Read
- Mechanical Keyboard Finder Version 4.31 Cross Site Scripting
- Crash in N-Prolog Version 1.90