Skip to navigation

Warning message

log in to add comments or rate this document

Vulnerability Acknowledgements for Red Hat online services

Updated 2014-03-19T06:51:46+00:00

The Red Hat Security Response Team would like to thank the following individuals and organisations that have privately reported security issues that affected Red Hat branded websites or online services and agreed to be listed.

To report an issue in any Red Hat product or service please contact the Red Hat Security Response Team. The Red Hat Security Response Team, in its sole discretion, will make the final decision about granting, refusing and publishing credits, as well as their form and content, and applying the rules listed below. We will refuse credits where researchers breach the rules below or do not otherwise behave responsibly and ethically:

  • Reports we do not class as security issues are not eligible for an acknowledgement on this page, these include but are not limited to:

    • Directory Listings and FTP sites. Our products are based on open source components and we make certain content available using directory listings and via anonymous FTP. Please only report these if you find confidential content being exposed.

    • Version Numbers. We do not hide the version numbers of online services components and you should expect these will not be the latest upstream versions.

    • Secure Certificate Issues (mismatched host names, expired certificates, support for older protocols such as SSLv2)

  • Some Red Hat branded services are operated by third parties. If you notify us about security issues on such sites we will coodinate fixes with the affected vendors and acknowlegements may instead be given by those vendors or under their rules.

  • Some security issues may be due to underlying vulnerabilities in third-party applications that we use. In these cases we will coordinate fixes with the application vendor and acknowlegements may instead by given by those vendors or on our CVE dictionary pages.

  • We expect you to make a good faith effort to avoid privacy violations, destruction of data, or degradation to our service during your research. Please avoid using tools that are likely to automatically generate significant volumes of traffic or otherwise cause operational problems for our sites.

2014 Acknowledgements:

  • David Hoyt
  • Ajay Singh Negi (@AjaySinghNegi) (
  • Milad Bahari Rad (@milad_bahari)
  • Ali Hasan Ghauri (@alihasanghauri) (AHPT)
  • Ibrahim Raafat (@RaafatSEC) (Q-CERT)

2013 Acknowledgements:

  • Rakan Alotaibi (@hxteam) [2 flaws]
  • Yuji Kosuga
  • Johnathan S. Simon ( [2 flaws]
  • Kamil Sevi (@kamilsevi) [4 flaws]
  • M.R.Vignesh Kumar (@vigneshkumarmr)
  • Ajay Singh Negi (@AjaySinghNegi) ( [2 flaws]
  • Prajal Kulkarni (
  • Himanshu Kumar Das (@mehimansu)
  • Atulkumar Hariba Shedage (@atul_shedage) and Ritesh Arunkumar Sarvaiya (@RiteshSarvaiya), (
  • Guifré Ruiz Utgés (@GuifreRuiz)
  • Mohamed Ramadan (
  • Maxim Rupp
  • Ahmed Mohamed Hassan Aboul-Ela (Starware) [3 flaws]
  • Anand Prakash (@sehacure) (VIT University, India)
  • Tushar Rajhans Kumbhare (
  • Raj Sukali ( [2 flaws]
  • Abhinav Karnawat (\/ w4rri0r \/) (
  • Dmitriy Serebryannikov (@dsrbr) (
  • Malte Batram (@_batram) ( [2 flaws]
  • Andrey Medov ( [5 flaws]
  • Laith AL-Satari (@laith_satari)
  • Ali Hasan Ghauri (@alihasanghauri) (AHPT)
  • Swair Mehta (
  • Mohab Ali (@0xAli) (
  • Ankit Bharathan (lon3ly_hacker)
  • Bharadwaj Machiraju (
  • Emanuel Bronshtein (@e3amn2l)
  • Christian Lopez Martin (@phr0nak)
  • Issam Rabhi ( [2 flaws]
  • Wong Chieh Yie (@wcypierrenet)
  • David Hoyt
  • 6Scan (
  • Vikas Chopalli and Naresh Chattala (
  • Elvin Gentiles (elvinguitar)
  • Roy Castillo (@official_roy) ( [4 flaws]
  • Rajatkumar Karmarkar
  • Anand Meyyappan (@anandm47)
  • SimranJeet Singh (@TurbanatorSJS)
  • Riaz Ebrahim (
  • Rishal Dwivedi (@rishaldwivedi) (Bhavan's Vivekananda College) and Manjot Singh (@Manjotsinghg8) (Rimt College Mandi Gobindgarh)
  • Sabari Selvan (
  • Adrian-Daniel Bacanu (Zatarra) ( [2 flaws]
  • Tejash Patel (@tejash1991)
  • Shahee Mirza (@shaheemirza)
  • Saurabh Chandrakant Nemade (@SaurabhNemade) (
  • Deepankar Arora (@sec403) and Nipun Jaswal (@nipunjaswal) [2 flaws]
  • Daniel-Valentin Tomescu (TheTime) (
  • Muhammad Ahmed Siddiqui (Nybble Tech) (
  • Peter Jaric (@peterjaric) (
  • Osanda Malith Jayathissa (@OsandaMalith)
  • sahildhar (
  • Koutrouss Naddara
  • Mahmoud El-Said El-Naggar (Starware)
  • Teguh P. Alko [2 flaws]
  • Rafael Pablos (
  • Narendra Bhati (@NarendraBhatiB) (R00t Sh3ll)
  • Gurjant Singh (@GurjantSadhra) and Mayank Kapoor (
  • Muhammad Talha Khan (

2012 Acknowledgements:

  • Keita Haga [4 flaws]
  • Maxim Rupp [5 flaws]
  • Nils Jünemann [5 flaws]
  • João Lucas Melo Brasio (White Hat Hackers & DotFive Labs & PUC-Campinas)
  • Mateusz Goik
  • David Vieira-Kurz (MajorSecurity) [2 flaws]
  • David Hoyt [3 flaws]
  • Mario Gomes (@NetFuzzer)
  • Emanuel Bronshtein (@e3amn2l) [2 flaws]
  • Thamatam Deepak (@Mr.47™)
  • Atulkumar Hariba Shedage (@atul_shedage) (
  • Ucha Gobejishvili (საქართველო) [6 flaws]
  • Carlo Soliveres Benedicto (FierceX) (Catanduanes State University)
  • Michael Blake
  • Kamil Sevi (@kamilsevi) [2 flaws]
  • Harsha Vardhan Boppana (Login Security Solutions(P) Limited) and Krutarth Shukla (@krutarthshukla)
  • Dylan S. Hailey (@TibitXimer)
  • Siddhesh Gawde (St. Francis Institute of Technology (SFIT))
  • Ahmad Ashraff (@yappare)
  • Guifré Ruiz Utgés (@GuifreRuiz)
  • Rafay Baloch (RHA)
  • Masato Kinugawa
  • Mohamed Ramadan ( [3 flaws]
  • Johnathan S. Simon (

2011 Acknowledgements:

  • Nils Jünemann [2 flaws]
  • Brendan Coles
  • Maxim Rupp [2 flaws]
  • David Hoyt [3 flaws]
  • Szymon Gruszecki
  • Keita Haga
  • David Guimaraes

This page lists all acknowledgements since January 1st 2011. Please contact us if you reported an issue to us prior to 2011 and would like a public acknowledgement.