- Silicon Design & Verification
- Silicon IP
- Software Integrity
- About Us
- Silicon Design & Verification Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP Products
- Solutions
- Resources
- Services
- Community
- Software Integrity
- Tools & Services
- Training & Education
- Solutions
- Resources
- Support
- Partners
- About Us
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
3D Image Processing
Simpleware Products
Simpleware for Life Sciences
Simpleware for Materials & Manufacturing
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< overview
Silicon Design & Verification Products
+
Design
+
System Simulation & Modeling
+
Verification Continuum
+
3D Image Processing
+
Silicon Engineering
+
Optical Solutions
< Solutions
< Solutions
< Solutions
< Resources
< Resources
< Resources
< overview
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< Training
< overview
< main menu
< Silicon IP Products
< Silicon IP Products
Memories & Libraries
Logic Libraries
Memory Compliers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Silicon IP Products
< Silicon IP Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< overview
Silicon IP Products
+
Interface IP
+
Memories & Libraries
+
Analog IP
+
Processor Solutions
+
IP Subsystems
+
Security IP
+
Market Segments
+
IP Accelerated
+
SoC Infrastructure IP
< Solutions
< Resources
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< overview
Software Integrity
< Tools & Services
< Tools & Services
Professional Services
Strategy and Planning (BSIMM)
Architecture & Design
DecSecOps Integration
Cloud Security
Industry Solutions
< Tools & Services
Open Source Audits
< overview
< Training & Education
< Training & Education
Product Education
< overview
< Solutions
< Solutions
< Resources
< Resources
< Support
< Support
Contact Support
< Partners
< main menu
Software Integrity
+
Software Integrity
+
Tools & Services
+
Training & Education
+
Solutions
+
Resources
+
Support
+
Partners
< About Us
< About Us
< About Us
< About Us
< About Us
< About Us
Software Vulnerabilities Found with Defensics
Advisories
Note that some of these vulnerabilities have been found by our customers individually using our fuzzing tools and security testing services.
2017
Apple products Bluetooth component
Linux NFSD implementation
2016
Apple products Bluetooth component
2015
PolarSSL Remote attack using crafted certificates
OpenSSL Certificate fingerprints can be modified
Multiple errors in DCE-RPC code
2014
Crash with SRP Ciphersuite in Server Hello Message
PolarSSL Denial of Service against GCM enabled servers
Vulnerabilities fixed in the OpenSSL library
GnuTLS Hello Vulnerability
- The Official Radare Blog
Vulnerability in BIND
Heartbleed
SCTP Linux Kernel Panic
Heimdal in Apple OS X allows remote DoS
- A reachable abort existed in the handling of ASN.1 data
- CVE-2014-1316 Description
Apple TLS Bug
2013
Vulnerability in Oracle
Apple remote DoS (CVE 2013-5140)
2012
Two vulnerabilities in the ISC DHCP server implementation
- CERT-FI Advisory on ISC DHCP
- An Error in the Handling of an Unexpected Client Identifiers can Cause Server Crash When Serving DHCPv6
- An Error in the Handling of Malformed Client Identifiers can Cause a Denial-of-Service Condition in Affected Servers
- CVE-2012-3570
- CVE-2012-3571
RSA signature verification vulnerability in strongSwan
Invalid TLS/DTLS record vulnerability in OpenSSL
Large Host: header can crash the Apache Traffic Server
- CERT-FI Advisory on Apache Traffic Server
- "Important security announcement: All versions of Traffic Server prior to v3.0.4 and v3.1.3 have a vulnerability where a large Host: header can crash the server under certain conditions."
- CVE-2012-0256
Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service
2011
Vulnerability in open source Bluetooth bluez-hcidump
Five vulnerabilities in the BGP and OSPF daemons of Quagga
2010
Two vulnerabilities in the BGP daemon of Quagga
- CERT-FI Advisory on Quagga
- Quagga 0.99.17 release note
- CVE-2010-2948
- CVE-2010-2949
SMB Stack Exhaustion Vulnerability
- MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution
- Microsoft Security Bulletin Summary for August 2010
- CVE-2010-2552
Two vulnerabilities in OpenLDAP
Linux SCTP INIT message handling
Lexmark vulnerabilities in HTTP and SSL
- HTTP Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2010-0101
- SSL Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2004-0079 (Regression)
Microsoft SMB implementations
- Microsoft Security Bulletin MS10-012
- CVE-2010-0020
Linux Kernel (with CERT-FI):
2009
XML (several open source libraries, with CERT-FI):
- CERT-FI Advisory
- CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
- CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
- CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
- List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...
Squid (with CERT-FI):
2008
OpenSSL (with CERT-FI):
GnuTLS (with CERT-FI):
- GnuTLS update
- CERT-FI advisory
- CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
NetBSD (with CERT-FI):
SMB libraries:
- Microsoft advisory
- CVE-2008-4038
2007
OpenGGSN (by VTT):
2005
Image libraries (with NISCC):
- Advisory from Microsoft
2004
Related resources