In addition to my work at Azimuth Security, I find vulnerabilities in third-party software. Here are some vulnerabilities I have published:

Software | CVE | Description
--- | --- | ---
ecryptfs | CVE-2011-1834 | Denial of service (mtab corruption) |
ecryptfs | CVE-2011-1833 | Race condition allowing information disclosure |
ecryptfs | CVE-2011-1832 | Race condition allowing denial of service |
ecryptfs | CVE-2011-1831 | Race condition allowing local privilege escalation |
AX25d | CVE-2011-2910 | Missing setuid check allowing remote root |
Linux kernel (xtensa) | CVE-2011-2707 | Arbitrary kernel read |
FreeBSD and NetBSD kernels (802.11) | CVE-2011-2480 | Information disclosure |
Linux kernel (INET_DIAG) | CVE-2011-2213 | Infinite loop leading to denial of service |
Linux kernel (DEC Alpha) | CVE-2011-2211 | Arbitrary write allowing privilege escalation |
Linux kernel (DEC Alpha) | CVE-2011-2210 | Kernel memory disclosure |
Linux kernel (DEC Alpha) | CVE-2011-2209 | Kernel memory disclosure |
Linux kernel (DEC Alpha) | CVE-2011-2208 | Kernel memory disclosure |
VMware (vmware-user-suid-helper) | CVE-2011-2145 | Privilege escalation |
VMware (mount.vmhgfs) | CVE-2011-1787 | Privilege escalation |
VMware (mount.vmhgfs) | CVE-2011-2146 | Information disclosure |
Linux kernel (dccp) | CVE-2011-1770 | Remote out-of-bounds read |
Linux kernel (ARM OABI) | CVE-2011-1759 | Heap overflow allowing privilege escalation |
Google Chrome (Linux sandbox) | CVE-2011-1444 | Race condition potentially allowing privilege escalation |
Linux kernel (mpt2sas) | CVE-2011-1495 | Arbitrary kernel memory read |
Linux kernel (mpt2sas) | CVE-2011-1494 | Heap overflow allowing privilege escalation |
Linux kernel (ROSE) | CVE-2011-1493 | Remote heap overflow allowing arbitrary code execution |
Linux kernel (OSS) | CVE-2011-1477 | Out-of-bounds write allowing privilege escalation |
Linux kernel (OSS) | CVE-2011-1476 | Integer underflow leading to memory corruption |
Ecava IntegraXor | CVE-2011-1562 | Authentication failure allowing remote code execution |
Linux kernel (IrDA) | CVE-2011-1180 | Remote stack overflow allowing arbitrary code execution |
Apple Mac OS X XNU kernel | CVE-2011-0180 | Information disclosure |
Linux kernel (AudioScience HPI) | CVE-2011-1169 | Heap corruption allowing privilege escalation |
open-vm-tools (vmware-hgfsmounter) | CVE-2011-1681 | Denial of service (mtab corruption) |
ncpfs (ncpmount) | CVE-2011-1680 | Denial of service (stale mtab lockfile) |
ncpfs (ncpmount, ncpumount) | CVE-2011-1679 | Denial of service (mtab corruption) |
Samba (mount.cifs, umount.cifs) | CVE-2011-1678 | Denial of service (mtab corruption) |
util-linux (mount) | CVE-2011-1677 | Denial of service (stale mtab lockfile) |
util-linux (mount) | CVE-2011-1675 | Denial of service (mtab corruption) |
glibc (addmntent) | CVE-2011-1089 | Denial of service (mtab corruption) |
FreeBSD and Apple OS X crontab | CVE-2011-1075 | Information disclosure |
FreeBSD and Apple OS X crontab | CVE-2011-1074 | Information disclosure |
FreeBSD and Apple OS X crontab | CVE-2011-1073 | Information disclosure |
Linux kernel (XFS) | CVE-2011-0711 | Kernel stack memory disclosure |
Linux kernel (btrfs) | CVE-2011-0699 | Heap overflow allowing privilege escalation |
FFmpeg | CVE-2011-0723 | Stack overflow allowing arbitrary code execution |
FFmpeg | CVE-2011-0722 | Heap corruption allowing arbitrary code execution |
FFmpeg | CVE-2010-3908 | Heap corruption allowing arbitrary code execution |
VLC | CVE-2011-0531 | Memory corruption allowing arbitrary code execution |
OpenOffice.org | CVE-2010-3451 | Use-after-free allowing arbitrary code execution |
OpenOffice.org | CVE-2010-3453 | Out-of-bounds write allowing arbitrary code execution |
OpenOffice.org | CVE-2010-3454 | Out-of-bounds write allowing arbitrary code execution |
OpenOffice.org | CVE-2010-3452 | Use-after-free allowing arbitrary code execution |
xpdf | CVE-2011-4654 | Integer overflow leading to a waste of time |
xpdf | CVE-2011-4653 | Memory corruption allowing arbitrary code execution |
VLC | CVE-2011-0021 | Heap corruption allowing arbitrary code execution |
Pango | CVE-2011-0020 | Heap corruption allowing arbitrary code execution |
VLC | CVE-2010-3907 | Out-of-bounds read allowing arbitrary code execution |
Linux kernel (OSS) | CVE-2010-4527 | Heap buffer overflow allowing privilege escalation |
Linux kernel (IrDA) | CVE-2010-4529 | Heap memory disclosure |
VMware | CVE-2010-4295 | Multiple race conditions allowing file overwrite or directory creation |
Linux kernel (RDS) | CVE-2010-4175 | Heap corruption |
Linux kernel (X.25) | CVE-2010-4164 | Remote denial of service |
Linux kernel (block layer) | CVE-2010-4163 | Denial of service |
Linux kernel (block layer) | CVE-2010-4162 | Denial of service |
Linux kernel (L2TP) | CVE-2010-4160 | Heap corruption |
Linux kernel (socket filters) | CVE-2010-4161 | Deadlock leading to denial of service |
Linux kernel (socket filters) | CVE-2010-4158 | Kernel stack memory disclosure |
Linux kernel (CAN) | CVE-2010-4565 | Information disclosure |
Linux kernel (CAN) | CVE-2010-3874 | Heap overflow allowing absolutely nothing |
Linux kernel (X.25) | CVE-2010-3873 | Remote heap overflow allowing denial of service |
Linux kernel (TIPC) | CVE-2010-3859 | Heap overflow allowing privilege escalation |
Linux kernel (RDS) | CVE-2010-3904 | Arbitrary kernel memory write allowing privilege escalation |
Google Chrome | CVE-2010-4039 | Insecure shared library loading |
ettercap-gtk | CVE-2010-3844 | Stack buffer overflow |
ettercap-gtk | CVE-2010-3843 | Insecure temporary file usage |
Linux kernel (SCTP) | CVE-2010-3705 | Memory corruption (remote) |
Linux kernel (sound/core) | CVE-2010-3442 | Kernel heap corruption |
Linux kernel (pktcdvd) | CVE-2010-3437 | Arbitrary kernel memory read or denial of service |
Linux kernel (ROSE) | CVE-2010-3310 | Kernel heap corruption |
Linux kernel (ipc semctl) | CVE-2010-4083 | Kernel stack memory disclosure |
Linux kernel (drivers/video/via/ioctl.c) | CVE-2010-4082 | Kernel stack memory disclosure |
Linux kernel (sound/pci/rme9652/hdspm.c) | CVE-2010-4081 | Kernel stack memory disclosure |
Linux kernel (sound/pci/rme9652/hdsp.c) | CVE-2010-4080 | Kernel stack memory disclosure |
Linux kernel (drivers/video/ivtv/ivtvfb.c) | CVE-2010-4079 | Kernel stack memory disclosure |
Linux kernel (drivers/video/sis/sis_main.c) | CVE-2010-4078 | Kernel stack memory disclosure |
Linux kernel (drivers/char/nozomi.c) | CVE-2010-4077 | Kernel stack memory disclosure |
Linux kernel (drivers/char/amiserial.c) | CVE-2010-4076 | Kernel stack memory disclosure |
Linux kernel (drivers/serial/serial_core.c) | CVE-2010-4075 | Kernel stack memory disclosure |
Linux kernel (drivers/usb/serial/mos*.c) | CVE-2010-4074 | Kernel stack memory disclosure |
Linux kernel (ipc compat) | CVE-2010-4073 | Kernel stack memory disclosure |
Linux kernel (drivers/net/usb) | CVE-2010-3298 | Kernel stack memory disclosure |
Linux kernel (drivers/net/eql) | CVE-2010-3297 | Kernel stack memory disclosure |
Linux kernel (drivers/net/cxgb3) | CVE-2010-3296 | Kernel stack memory disclosure |
Linux kernel (XFS) | CVE-2010-3078 | Kernel stack memory disclosure |
glibc (FORTIFY_SOURCE) | CVE-2010-3192 | Information disclosure |
Apache CouchDB (Debian/Ubuntu) | CVE-2010-2953 | Insecure shared library loading |
FreeBSD and NetBSD kernels (Coda) | CVE-2010-3014 | Information disclosure |
Lynx | CVE-2010-2810 | Heap overflow leading to arbitrary code execution |
Apple Mac OS X XNU kernel (WebDAV kernel extension) | CVE-2010-1794 | Memory overallocation leading to denial of service |
Linux kernel (btrfs) | CVE-2010-2538 | Integer overflow leading to information disclosure |
Linux kernel (btrfs) | CVE-2010-2537 | Insufficient permissions checking |
FreeBSD, NetBSD, and Apple Mac OS X XNU kernels (NetSMB kernel module) | CVE-2010-2530 | Memory overallocation leading to denial of service |
Linux kernel (GFS2) | CVE-2010-2525 | Insufficient permissions checking allowing privilege escalation |
LibTIFF | CVE-2010-2067 | Stack overflow allowing arbitrary code execution |
LibTIFF | CVE-2010-2481 | Out-of-bounds read allowing denial of service |
pmount | CVE-2010-2192 | Symlink attack allowing unauthorized file creation/deletion |
Linux kernel (XFS) | CVE-2010-2226 | Insufficient permissions checking |
Linux kernel (ext4) | CVE-2010-2066 | Insufficient permissions checking |
fastjar | CVE-2010-2322 | Absolute path traversal allowing arbitrary file overwrite |
fastjar | CVE-2010-0831 | Directory traversal allowing arbitrary file overwrite |
Exim | CVE-2010-2024 | Race condition allowing unauthorized file creation and file permission changes |
Exim | CVE-2010-2023 | Hard-link attack allowing arbitrary non-root file overwrite |
Linux kernel (GFS2) | CVE-2010-1641 | Insufficient permissions checking |
Cisco DPC2100 Cable Modem | CVE-2010-2082 | Insecure default password |
Cisco DPC2100 Cable Modem | CVE-2010-2026 | Insufficient authentication |
Cisco DPC2100 Cable Modem | CVE-2010-2025 | Cross-site request forgery |
Linux kernel (btrfs) | CVE-2010-1636 | Information disclosure |
Ghostscript | CVE-2010-1628 | Memory corruption allowing arbitrary code execution |
Ghostscript | CVE-2010-1869 | Stack overflow allowing arbitrary code execution |
GNUstep (gdomap) | CVE-2010-1620 | Integer overflow allowing heap corruption |
GNUstep (gdomap) | CVE-2010-1457 | Information disclosure |
glibc (encode_name) | CVE-2010-0296 | Improper input sanitization |
glibc (ld.so) | CVE-2010-0830 | Integer overflow allowing arbitrary code execution |
dvipng | CVE-2010-0829 | Buffer overflow allowing arbitrary code execution |
TeX Live (dvips) | CVE-2010-0827 | Integer overflow allowing arbitrary code execution |
GNU nano | CVE-2010-1161 | Race condition allowing privilege escalation |
GNU nano | CVE-2010-1160 | Race condition allowing arbitrary file overwrite |
Emacs (movemail) | CVE-2010-0825 | Race condition allowing information disclosure |
Deliver | CVE-2010-1123 | Insecure lockfile creation allowing denial of service |
Deliver | CVE-2010-0439 | Race condition allowing privilege escalation, information disclosure, or denial of service |
PolicyKit (pkexec) | CVE-2010-0750 | Information disclosure |
PulseAudio | CVE-2009-1299 | Insecure temporary file creation allowing denial of service or information disclosure |
ncpfs (ncpmount, ncpumount, ncplogin) | CVE-2010-0791 | Insecure lockfile allowing denial of service |
ncpfs (ncpumount) | CVE-2010-0790 | Information disclosure |
ncpfs (ncpmount, ncpumount, ncplogin) | CVE-2010-0788 | Race condition allowing privilege escalation |
fcron (fcrontab) | CVE-2010-0792 | Race condition allowing information disclosure |
vixie-cron, cronie (crontab) | CVE-2010-0424 | Race condition allowing denial of service |
Samba (mount.cifs) | CVE-2010-0547 | Improper input validation allowing corruption of mountpoint options |
FUSE (fusermount) | CVE-2010-0789 | Race condition allowing denial of service |
LXR Cross Referencer | CVE-2010-1625 | Cross-site scripting |
LXR Cross Referencer | CVE-2010-1448 | Cross-site scripting |
LXR Cross Referencer | CVE-2009-4497 | Cross-site scripting |
Transmission BitTorrent Client | CVE-2010-0012 | Directory traversal allowing arbitrary file overwrite |