Products
Solutions
Services
Community
About Us

Software Vulnerabilities Found with Defensics

Advisories

Note that some of these vulnerabilities have been found by our customers individually using our fuzzing tools and security testing services.

2017

Apple products Bluetooth component

CVE-2017-2420

Linux NFSD implementation

2016

Apple products Bluetooth component

CVE-2016-7596

2015

PolarSSL Remote attack using crafted certificates

PolarSSL Security Advisory on CVE-2015-1182

OpenSSL Certificate fingerprints can be modified

OpenSSL Advisory on CVE-2014-8275

Multiple errors in DCE-RPC code

CVE-2015-5370

2014

Crash with SRP Ciphersuite in Server Hello Message

OpenSSL Advisory on CVE-2014-5139

PolarSSL Denial of Service against GCM enabled servers

PolarSSL Security Advisory

Vulnerabilities fixed in the OpenSSL library

Finnish Communications Regulatory Authority, NCSC-FI Vulnerability Coordination

GnuTLS Hello Vulnerability

The Official Radare Blog

Vulnerability in BIND

Heartbleed

SCTP Linux Kernel Panic

Heimdal in Apple OS X allows remote DoS

A reachable abort existed in the handling of ASN.1 data
CVE-2014-1316 Description

Apple TLS Bug

Understanding the Apple TLS Bug

2013

Vulnerability in Oracle

Oracle critical patch update

Apple remote DoS (CVE 2013-5140)

Apple iOS before 7 allows remote denial of service via an invalid packet fragment

2012

Two vulnerabilities in the ISC DHCP server implementation

RSA signature verification vulnerability in strongSwan

Invalid TLS/DTLS record vulnerability in OpenSSL

Large Host: header can crash the Apache Traffic Server

Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service

2011

Vulnerability in open source Bluetooth bluez-hcidump

Five vulnerabilities in the BGP and OSPF daemons of Quagga

2010

Two vulnerabilities in the BGP daemon of Quagga

SMB Stack Exhaustion Vulnerability

Two vulnerabilities in OpenLDAP

Linux SCTP INIT message handling

Lexmark vulnerabilities in HTTP and SSL

Microsoft SMB implementations

Linux Kernel (with CERT-FI):

2009

XML (several open source libraries, with CERT-FI):

CERT-FI Advisory
CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...

Squid (with CERT-FI):

2008

OpenSSL (with CERT-FI):

GnuTLS (with CERT-FI):

GnuTLS update
CERT-FI advisory
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

NetBSD (with CERT-FI):

SMB libraries:

2007

OpenGGSN (by VTT):

Advisory from VTT

2005

Image libraries (with NISCC):

Advisory from Microsoft

2004

OpenSSL (with NISCC and RedHat):

Red Hat
CVE-2004-0081

Apache (with NISCC and RedHat):

Contact Sales

Related resources

Fuzz testing data sheet

Fuzz testing SDK

What is fuzzing?

Fuzzing test suites