
Vulnerabilities Lab

A database of zero-day vulnerabilities found by ForAllSecure Mayhem

2022

Rulex Not Quite Zero-Day

The crash is fixed in version **0.4.3** of Rulex. Affected users are advised to update to this version.

CVE-2022-31099

Rulex Not Quite Zero-Day

The crashes are fixed in version **0.4.3** of Rulex. Affected users are advised to update to this version.

CVE-2022-31100

Apache Avro Rust SDK Not Quite Zero-Day

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs).

CVE-2022-35724

Apache Avro Rust SDK Not Quite Zero-Day

It is possible for a Reader to consume memory beyond the allowed constraints and thus cause an out-of-memory condition on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0.

CVE-2022-36124

Apache Avro Rust SDK Not Quite Zero-Day

It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs).

CVE-2022-36125

Rust-Websockets Not Quite Zero-Day

Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source.

CVE-2022-35922

2021

NGA Six-Library Not Quite Zero-Day

Six-library is a software library published by the US government's National Geospatial-Intelligence Agency (NGA). The six-library is designed to parse and manipulate satellite imagery and data for both internal and public use. 

2020

OpenWRT RCE Zero-Day

OpenWRT is a Linux-based OS often found in embedded devices and network routers.

  • CVE-2020-7982

cereal Zero-Day

cereal is a light-weight, general-purpose serialization library.

  • CVE-2020-11104
  • CVE-2020-11105

MP3Gain Zero-Day

MP3Gain analyzes and adjusts MP3 files so that they have the same volume by using statistical analysis to determine what those levels should be.

  • CVE-2020-15359

GNU C Zero-Day

The GNU C Library (glibc) is one of the most common open source C libraries used on Linux systems.

  • CVE-2020-10029

JSON Not Quite Zero-Day

JQ is a very popular JSON parsing library written in C.

2019

Netflix Dial Reference Zero-Day

The DIAL server is commonly found in televisions to support online streaming services.

  • CVE-2019-10028

Oniguruma Zero-Day

Oniguruma is a regex C library commonly used as a parser in the PHP and Ruby programming languages.

  • CVE-2019-13225
  • CVE-2019-13224

Matio Zero-Day

MATIO is an open source C library used for parsing MATLAB files.

  • CVE-2019-13107

Das U-Boot Zero-Day

Das U-Boot is a bootloader common in embedded devices, including Amazon Kindles, ARM Chromebooks, networking hardware, and more.

  • CVE-2019-13103
  • CVE-2019-13104
  • CVE-2019-13105
  • CVE-2019-13106

MatrixSSL & WolfSSL Zero-Day

MatrixSSL and WolfSSL are open source cryptographic libraries aimed at IoT and other lightweight use cases.

  • CVE-2019-13470

stb Zero-Day

stb is a suite of single-file C libraries containing utility functions useful for computer graphics applications or games.

  • CVE-2019-13217
  • CVE-2019-13218
  • CVE-2019-13219
  • CVE-2019-13220
  • CVE-2019-13221
  • CVE-2019-13222
  • CVE-2019-13223

FreeImage Zero-Day

FreeImage is an open source library for supporting popular graphic image formats, including PNG, BMP, JPEG, TIFF, and more.

  • CVE-2019-13499 (pending)
  • CVE-2019-13500 (pending)
  • CVE-2019-13501 (pending)

2018

H2O Zero-Day

H2O is an open source HTTP server written in C. H2O is known for its ability to deliver quicker responses to users with less CPU utilization than older generations of web servers.

  • CVE-2018-0608

2017

sthttpd Zero-Day

sthttpd is an open source web server designed for simplicity, a small execution footprint and speed.

  • CVE-2017-10671