< overview
< overview
< overview
< overview
< overview
< overview
Software Vulnerabilities Found with Defensics
Advisories
Note that some of these vulnerabilities have been found by our customers individually using our fuzzing tools and security testing services.
2017
Apple products Bluetooth component
Linux NFSD implementation
2016
Apple products Bluetooth component
2015
PolarSSL Remote attack using crafted certificates
OpenSSL Certificate fingerprints can be modified
Multiple errors in DCE-RPC code
2014
Crash with SRP Ciphersuite in Server Hello Message
PolarSSL Denial of Service against GCM enabled servers
Vulnerabilities fixed in the OpenSSL library
GnuTLS Hello Vulnerability
- The Official Radare Blog
Vulnerability in BIND
Heartbleed
SCTP Linux Kernel Panic
Heimdal in Apple OS X allows remote DoS
- A reachable abort existed in the handling of ASN.1 data
- CVE-2014-1316 Description
Apple TLS Bug
2013
Vulnerability in Oracle
Apple remote DoS (CVE 2013-5140)
2012
Two vulnerabilities in the ISC DHCP server implementation
- CERT-FI Advisory on ISC DHCP
- An Error in the Handling of an Unexpected Client Identifiers can Cause Server Crash When Serving DHCPv6
- An Error in the Handling of Malformed Client Identifiers can Cause a Denial-of-Service Condition in Affected Servers
- CVE-2012-3570
- CVE-2012-3571
RSA signature verification vulnerability in strongSwan
Invalid TLS/DTLS record vulnerability in OpenSSL
Large Host: header can crash the Apache Traffic Server
- CERT-FI Advisory on Apache Traffic Server
- "Important security announcement: All versions of Traffic Server prior to v3.0.4 and v3.1.3 have a vulnerability where a large Host: header can crash the server under certain conditions."
- CVE-2012-0256
Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service
2011
Vulnerability in open source Bluetooth bluez-hcidump
Five vulnerabilities in the BGP and OSPF daemons of Quagga
2010
Two vulnerabilities in the BGP daemon of Quagga
- CERT-FI Advisory on Quagga
- Quagga 0.99.17 release note
- CVE-2010-2948
- CVE-2010-2949
SMB Stack Exhaustion Vulnerability
- MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution
- Microsoft Security Bulletin Summary for August 2010
- CVE-2010-2552
Two vulnerabilities in OpenLDAP
Linux SCTP INIT message handling
Lexmark vulnerabilities in HTTP and SSL
- HTTP Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2010-0101
- SSL Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2004-0079 (Regression)
Microsoft SMB implementations
- Microsoft Security Bulletin MS10-012
- CVE-2010-0020
Linux Kernel (with CERT-FI):
2009
XML (several open source libraries, with CERT-FI):
- CERT-FI Advisory
- CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
- CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
- CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
- List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...
Squid (with CERT-FI):
2008
OpenSSL (with CERT-FI):
GnuTLS (with CERT-FI):
- GnuTLS update
- CERT-FI advisory
- CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
NetBSD (with CERT-FI):
SMB libraries:
- Microsoft advisory
- CVE-2008-4038
2007
OpenGGSN (by VTT):
2005
Image libraries (with NISCC):
- Advisory from Microsoft
2004
Related resources