CyRC Vulnerability Advisory: Denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ

CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176 are denial-of-service vulnerabilities in three popular open source message brokers: RabbitMQ, EMQ X, and VerneMQ, respectively.

Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities.
The post Synopsys CyRC named a CVE Numbering Authority appeared first on Software Integrity Blog.

CyRC Vulnerability Advisory: Denial of service vulnerability in Jetty web server

CVE-2020-27223 is a denial of service vulnerability discovered in the Eclipse Foundation’s popular Jetty web server.

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle's OpenBSDBCrypt class. It allows an attacker to bypass the password check.

CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices

We dig into the inner workings of trustlets, how different components work together to provide a Trusted Execution Environment, and how to attack them.

Apache Struts research at scale, Part 2: Execution environments

During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.

World’s top hackers meet at the first 5G Cyber Security Hackathon

Our Defensics R&D team put a couple of Synopsys tools to the test at the 5G Cyber Security Hackathon in Oulu, Finland, and placed in both of the event's competitions.

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.