"Codenomicon Lab's core focus is to empower the decision makers to provide better quality software and better quality products"

Codenomicon Labs

Advisories

Note that some of these vulnerabilities were found by our customers independently, using our Defensics fuzzing tools and security testing services. Please let us know if you know of other public vulnerability advisories regarding bugs fixed using Codenomicon solutions.


2014:

GnuTLS Hello Vulnerability

Vulnerability in BIND

Heartbleed

SCTP Linux Kernel Panic

Heimdal in Apple OS X allows remote DoS

Apple TLS Bug


2013:

Vulnerability in Oracle

Apple remote DoS (CVE-2013-5140)


2012:

Two vulnerabilities in the ISC DHCP server implementation

RSA signature verification vulnerability in strongSwan

Invalid TLS/DTLS record vulnerability in OpenSSL

Large Host: header can crash the Apache Traffic Server

Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service

2011:

Vulnerability in open source Bluetooth bluez-hcidump

Five vulnerabilities in the BGP and OSPF daemons of Quagga

2010:

Two vulnerabilities in the BGP daemon of Quagga

SMB Stack Exhaustion Vulnerability

Two vulnerabilities in OpenLDAP

Linux SCTP INIT message handling

Lexmark vulnerabilities in HTTP and SSL

Microsoft SMB implementations

Linux Kernel (with CERT-FI):


2009:

XML (several open source libraries, with CERT-FI):

Squid (with CERT-FI):

Squid (with CERT-FI):


2008:

OpenSSL (with CERT-FI):

GnuTLS (with CERT-FI):

NetBSD (with CERT-FI):

SMB libraries:


2007:

OpenGGSN (by VTT):


2005:

Image libraries (with NISCC):


2004:

OpenSSL (with NISCC and RedHat):

Apache (with NISCC and RedHat):