Software Vulnerabilities Found with Defensics

Advisories

Note that some of these vulnerabilities have been found by our customers individually using our fuzzing tools and security testing services. 

2017

Apple products Bluetooth component

Linux NFSD implementation

2016

Apple products Bluetooth component

2015

PolarSSL Remote attack using crafted certificates

OpenSSL Certificate fingerprints can be modified

Multiple errors in DCE-RPC code

2014

Crash with SRP Ciphersuite in Server Hello Message

PolarSSL Denial of Service against GCM enabled servers

Vulnerabilities fixed in the OpenSSL library

GnuTLS Hello Vulnerability

  • The Official Radare Blog

Vulnerability in BIND

Heartbleed

SCTP Linux Kernel Panic

Heimdal in Apple OS X allows remote DoS

Apple TLS Bug

2011

Vulnerability in open source Bluetooth bluez-hcidump

Five vulnerabilities in the BGP and OSPF daemons of Quagga

2010

Two vulnerabilities in the BGP daemon of Quagga

SMB Stack Exhaustion Vulnerability

  • MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution
  • Microsoft Security Bulletin Summary for August 2010
  • CVE-2010-2552

Two vulnerabilities in OpenLDAP

Linux SCTP INIT message handling

Lexmark vulnerabilities in HTTP and SSL

Microsoft SMB implementations

Linux Kernel (with CERT-FI):

2008

OpenSSL (with CERT-FI):

GnuTLS (with CERT-FI):

NetBSD (with CERT-FI):

SMB libraries:

2007

OpenGGSN (by VTT):

2005

Image libraries (with NISCC):

  • Advisory from Microsoft

2004

OpenSSL (with NISCC and RedHat):

Apache (with NISCC and RedHat):