"Codenomicon Lab's core focus is to empower the decision makers to provide better quality software and better quality products"
Codenomicon Labs
Advisories
Note that some of these vulnerabilities were found by our customers independently, using our Defensics fuzzing tools and security testing services. Please let us know if you know of other public vulnerability advisories regarding bugs fixed using Codenomicon solutions.
2010:
Two vulnerabilities in OpenLDAP
Linux SCTP INIT message handling
Lexmark vulnerabilities in HTTP and SSL
- HTTP Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2010-0101
- SSL Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2004-0079 (Regression)
Microsoft SMB implementations
Linux Kernel (with CERT-FI):
2009:
XML (several open source libraries, with CERT-FI):
- Codenomicon page on XML issues
- Press Release
- CERT-FI Advisory
- CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
- CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
- CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
- List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...

