Cybersecurity Research Center (CyRC)

CyRC's mission is to advance the state of software security through research, innovation, and evangelism.

CyRC leverages Black Duck’s expertise, technology, and resources to conduct high-quality primary and secondary software security research, and publishes its findings for the benefit of the broader security, developer, and DevSecOps communities.

Operating within the greater Black Duck mission of building trust in the software that powers our lives, CyRC helps increase awareness of issues by publishing research supporting strong cybersecurity practices.

CyRC leverages core expertise present in our global software security teams. Our expertise spans static code analysis, software composition analysis, dynamic analysis, fuzzing, interactive application security testing, open source development, and production deployment. With software at the heart of modern life—from wearable devices, home automation, blockchain, mobile applications, and automotive technologies—access to actionable security information must flow at the pace of innovation.

Latest from CyRC

Download CyRC research reports

To help organizations develop secure, high-quality software, the CyRC team publishes research that supports strong cyber security practices. Check out some of the latest research.

Software Vulnerability Snapshot

Download the report

Open Source Security and Risk Analysis Report

Download the report

Vulnerabilities discovered and disclosed by CyRC

CVE
BDSA
Product
Researcher
Tool
References
Notes

CVE-2023-32353		iTunes	Zeeshan Shaikh		Black Duck advisory
CVE-2023-25827		OpenTSDB	Jamie Harris		Black Duck advisory
CVE-2023-25826		OpenTSDB	Jamie Harris		Black Duck advisory
CVE-2023-25828		Pluck CMS	Matthew Hogg		Black Duck advisory
CVE-2023-23846	BDSA-2023-0197	Open5GS	Tommi Maekilae Qiang Li	Defensics	Black Duck advisory
CVE-2022-45477		Telepad	Mohamed Alshehri		Black Duck advisory
CVE-2022-45478		Telepad	Mohamed Alshehri		Black Duck advisory
CVE-2022-45479		PC Keyboard	Mohamed Alshehri		Black Duck advisory
CVE-2022-45480		PC Keyboard	Mohamed Alshehri		Black Duck advisory
CVE-2022-45481		Lazy Mouse	Mohamed Alshehri		Black Duck advisory
CVE-2022-45482		Lazy Mouse	Mohamed Alshehri		Black Duck advisory
CVE-2022-45483		Lazy Mouse	Mohamed Alshehri		Black Duck advisory
CCVE-2022-43945	BDSA-2022-3119	Linux kernel NFSD	Aleksi Illikainen Kari Hulkko	Defensics	Black Duck advisory
CVE-2022-39065		IKEA TRÅDFRI gateway	Kari Hulkko Tuomo Untinen	Defensics	Black Duck advisory
CVE-2022-39064		IKEA TRÅDFRI smart bulb	Kari Hulkko Tuomo Untinen	Defensics	Black Duck advisory
CVE-2022-39063	BDSA-2022-2568	Open5GS	Qiang Li	Defensics	Black Duck advisory
CVE-2022-27535		Kaspersky VPN Secure Connection	Zeeshan Shaikh		Black Duck advisory
CVE-2022-30617	BDSA-2022-1351	Strapi	David Johansson		Black Duck advisory
CVE-2022-30618	BDSA-2022-1359	Strapi	David Johansson		Black Duck advisory
CVE-2022-24814	BDSA-2022-0959	Directus	David Johansson		Black Duck advisory
CVE-2021-43175	BDSA-2021-3657	GOautodial goAPI	Scott Tolley	Seeker	Black Duck advisory
CVE-2021-43176	BDSA-2021-3656	GOautodial goAPI	Scott Tolley	Seeker	Black Duck advisory
CVE-2021-33177	BDSA-2021-2845	Nagios XI	Scott Tolley	Seeker	Black Duck advisory
CVE-2021-33179	BDSA-2021-2847	Nagios XI	Scott Tolley	Seeker	Black Duck advisory
CVE-2021-33178	BDSA-2021-2846	Nagios XI	Scott Tolley	Seeker	Black Duck advisory
CVE-2021-22116	BDSA-2021-1329	RabbitMQ	Jonathan Knudsen	Defensics	Black Duck advisory
CVE-2021-33175	BDSA-2021-1608	EMQ X	Jonathan Knudsen	Defensics	Black Duck advisory
CVE-2021-33176	BDSA-2021-1609	VerneMQ	Jonathan Knudsen	Defensics	Black Duck advisory
CVE-2021-3430	BDSA-2021-1716	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3431	BDSA-2021-1718	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3432	BDSA-2021-1727	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3433	BDSA-2021-1734	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3434	BDSA-2021-1737	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3435	BDSA-2021-1757	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3454	BDSA-2021-1761	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2021-3455	BDSA-2021-1762	Zephyr Project	Matias Karhumaa	Defensics	Black Duck advisory
CVE-2020-7958		OnePlus 7	Georgi Boiko Artem Gonchar Andrew Lee-Thorp	Defensics	Black Duck advisory
CVE-2020-28052	BDSA-2020-3371	BouncyCastle	Tero Rontti Matti Varanka	Defensics	Black Duck advisory
CVE-2020-27223	BDSA-2020-4221	Jetty	Tero Rontti Matti Varanka	Defensics	Black Duck advisory Jetty advisory
CVE-2019-18989	BDSA-2020-2548	Mediatek MT7620N chipset	Kari Hulkko Tuomo Untinen	Defensics	Black Duck advisory
CVE-2019-18990	BDSA-2020-2549	Realtek RTL8812AR chipset	Kari Hulkko Tuomo Untinen	Defensics	Black Duck advisory
CVE-2019-18991	BDSA-2020-2550	Atheros (Qualcomm) AR9132 chipset	Kari Hulkko Tuomo Untinen	Defensics	Black Duck advisory
CVE-2018-18907		D-Link DIR-850L	Tuomo Untinen	Defensics	D-Link advisory Black Duck advisory FI-NCSC advisory
CVE-2017-2420		Apple macOS	Matias Karhumaa Marko Laakso Pekka Oikarainen	Defensics	Apple advisory
CVE-2017-7645	BDSA-2017-1139	Linux kernel NFS	Tuomas Haanpaa Matti Kamunen	Defensics	RedHat advisory Debian advisory
CVE-2017-7895	BDSA-2017-0353	Linux kernel NFS	Ari Kauppi	Defensics	RedHat advisory Debian advisory
CVE-2017-8797	BDSA-2017-0246	Linux kernel NFS		Defensics	RedHat advisory
CVE-2016-7596		Apple macOS	Matias Karhumaa Marko Laakso Pekka Oikarainen	Defensics	Apple advisory
CVE-2015-1182		PolarSSL		Defensics	PolarSSL advisory
CVE-2015-5370		Samba	Jouni Knuutinen	Defensics	Samba advisory
CVE-2014-8275	BDSA-2021-1608	OpenSSL	Antti Karjalainen Tuomo Untinen	Defensics	OpenSSL advisory
CVE-2014-5139	BDSA-2021-1608	OpenSSL	Riku Hietamäki Joonas Kuorilehto	Defensics	OpenSSL advisory
CVE-2014-4911		PolarSSL		Defensics	PolarSSL security advisory
CVE-2014-5139		OpenSSL	Riku Hietamäki Joonas Kuorilehto	Defensics	FICORA advisory
CVE-2014-3466		GnuTLS	Joonas Kuorilehto	Defensics	GnuTLS advisory Radare blog
CVE-2014-3859		GnuTLS		Defensics	ISC advisory SCIP advisory
CVE-2014-0160	BDSA-2014-0028	OpenSSL	Riku Hietamäki Matti Kamunen Antti Karjalainen	Defensics	heartbleed.com NCSC-FI advisory	Heartbleed
CVE-2014-0101		Linux kernel		Defensics	RedHat advisory RedHat issue
CVE-2014-1316		Apple OS X		Defensics	Apple advisory
CVE-2014-1266		Apple iOS		Defensics	Apple advisory Black Duck advisory iMore article	"goto fail"
CVE-2013-3748		Oracle	Joonas Kuorilehto	Defensics	Oracle advisory
CVE-2013-5140		Apple iOS	Joonas Kuorilehto	Defensics	Black Duck advisory
CVE-2012-3570	BDSA-2021-3657	ISC DHCP		Defensics	CERT-FI advisory ISC advisory
CVE-2012-3571	BDSA-2021-3656	ISC DHCP		Defensics	ISC advisory
CVE-2012-2388		strongSwan		Defensics	CERT-FI advisory
CVE-2012-2333		OpenSSL		Defensics	CERT-FI advisory
CVE-2012-0256	BDSA-2021-1609	Apache Traffic Server		Defensics	CERT-FI advisory
CVE-2012-0259		ImageMagick	Aleksis Kauppinen Joonas Kuorilehto Tuomas Parttimaa Lasse Ylivainio	Defensics	CERT-FI advisory
CVE-2012-0260		ImageMagick	Aleksis Kauppinen Joonas Kuorilehto Tuomas Parttimaa Lasse Ylivainio	Defensics	CERT-FI advisory
CVE-2012-1798		ImageMagick	Aleksis Kauppinen Joonas Kuorilehto Tuomas Parttimaa Lasse Ylivainio	Defensics	CERT-FI advisory
CVE-2012-0247		ImageMagick	Aleksis Kauppinen Joonas Kuorilehto	Defensics	CERT-FI advisory
CVE-2012-0248		ImageMagick	Aleksis Kauppinen Joonas Kuorilehto	Defensics	CERT-FI advisory
CVE-2011-3334		bluez	Tommi Mäkilä Jukka Taimisto	Defensics	CERT-FI advisory
CVE-2011-3323		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory
CVE-2011-3324		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory
CVE-2011-3325		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory
CVE-2011-3326		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory
CVE-2011-3327		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory
CVE-2010-2948		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory Quagga 0.99.17 release note
CVE-2010-2949		Quagga BGP and OSPF	Riku Hietamäki Jukka Taimisto Tuomo Untinen	Defensics	CERT-FI advisory Quagga 0.99.17 release note
CVE-2010-2552		Microsoft SMB	Riku Hietamäki Joshua Morin	Defensics	Microsoft advisory Microsoft security summary
CVE-2010-0211		OpenLDAP	Ilkka Mattila Tuomas Salomäki	Defensics	CERT-FI advisory
CVE-2010-0212		OpenLDAP	Ilkka Mattila Tuomas Salomäki	Defensics	CERT-FI advisory
CVE-2010-1173		Linux Kernel SCTP	Jukka Taimisto Olli Jarva	Defensics	CERT-FI advisory
CVE-2010-0101		Lexmark printers		Defensics	Lexmark advisory Lexmark advisory (2)	CVE-2004-0079 (Regression)
CVE-2010-0020		Microsoft SMB	Joshua Morin	Defensics	Microsoft advisory
CVE-2010-0006		Linux Kernel	Olli Jarva Tuomo Untinen	Defensics	CERT-FI advisory	CVE-2007-4567 (Regression)
CVE-2009-3720		libexpat		Defensics	CERT-FI Advisory	Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc.
CVE-2009-1885		Apache Xerces C++		Defensics	CERT-FI Advisory	Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc.
CVE-2009-2414		libxml2				Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc.
CVE-2009-2416		libxml2				Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc.
CVE-2009-2625		Apache Xerces2 Java				Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc.
CVE-2009-2621		Squid		Defensics	Squid advisory
CVE-2009-2622		Squid		Defensics	Squid advisory
CVE-2009-0478		Squid		Defensics	Squid advisory
CVE-2008-0891		OpenSSL		Defensics	CERT-FI advisory OpenSSL advisory
CVE-2008-1948		GnuTLS	Ossi Herrala Jukka Taimisto	Defensics	CERT-FI advisory GnuTLS update GnuTLS second update
CVE-2008-1949		GnuTLS	Ossi Herrala Jukka Taimisto	Defensics	CERT-FI advisory GnuTLS update GnuTLS second update
CVE-2008-1950		GnuTLS	Ossi Herrala Jukka Taimisto	Defensics	CERT-FI advisory GnuTLS update GnuTLS second update
CVE-2008-2464		NetBSD		Defensics	CERT-FI advisory NetBSD advisory
CVE-2008-4038		Microsoft SMB		Defensics	Microsoft advisory
		OpenGGSN		Defensics	VTT advisory	Bug#446219
CVE-2005-1211		Microsoft image libraries		Defensics	Microsoft advisory
CVE-2004-0081		OpenSSL		Defensics	Red Hat advisory
CVE-2004-0786		Apache		Defensics	Red Hat advisory

Ready to get started?

Application security that scales with you. Meet the demands of modern software in a regulated, AI-powered world.

Contact sales

View solutions