Reports in nintendo program: S.No Title Bounty 1 [3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks $0.0 2 [3DS][SSL] Use of uninitialized class member leads to RCE in eShop movie player $0.0 3 [3DS][SSL][SDK] Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player $0.0 4 [3DS][StreetPass] Heap Overflow in Swapnote parser leads to userland StreetPass RCE $0.0 5 [3DS][StreetPass] Buffer Overflow in Super Mario Maker level decompression $0.0 6 [MK8DX] Improper verification of Competition creation allows to create "Official" competitions $0.0 7 [WiiU/Switch] Remote code execution inside the ENL library $0.0 8 [MK8DX] Improper metadata parsing $0.0 9 [MK8DX] Improper metadata validation 2 $0.0 10 [WiiU/Switch] nullptr dereference in the ENL framework $0.0 11 Arbitrary code execution in TSEC Heavy Secure, return-oriented programming in TSEC Secure ROM, and recovery of TSEC-derived cryptographic secrets $0.0 12 [Switch, PIA/MK8DX] Stack buffer overflow and potential RCE in PIA (LAN/LDN, possibly NEX) room info deserialization $0.0