NEWS > Research Blog

April 03, 2024
Advisory X41-2024-001: Weak Chilkat PRNG
The Chilkat library generated secret key material using a pseudorandom number generator not designed for cryptographic purposes. Attackers observing a sufficient number of outputs can recover its past and future outputs. This includes, for example, key material generated with it, allowing attackers to decrypt or alter data protected by the key material.
April 01, 2024
X41 announces first product
X41 announces the company's first product - a CVSS calculator that scales!
February 13, 2024
X41 Source Code Audit of ISC BIND 9
X41 releases the code audit report of BIND 9
November 09, 2023
X41 Audited Rust-VMM
X41 reviewed Rust-VMM
September 21, 2023
Advisory X41-2023-001: Two Vulnerabilities in OPNsense
Yasar Klawohn and JM of X41 discovered multiple vulnerabilities in OPNsense
September 18, 2023
X41 Reviewed OpenSearch
X41 releases the code review report of OpenSearch
August 16, 2023
X41 Reviewed and Improved Envoy Fuzzers
X41 reviewed the fuzzers employed to exercise the code base of Envoy
July 12, 2023
X41 Audited libjpeg-turbo
X41 releases the audit report of libjpeg-turbo
June 07, 2023
X41 Audited Go TUF
X41 releases the audit report of Go TUF
May 26, 2023
X41 Audited in-toto
X41 releases the audit report of in-toto
May 25, 2023
X41 Audited c-ares
X41 releases the audit report of c-ares
May 15, 2023
X41 Audited libcap
X41 releases the audit report of libcap
April 26, 2023
X41 Audited simplejson
X41 releases the audit report of simplejson
January 17, 2023
X41 Audited Git
X41 releases the audit report of Git
October 26, 2022
X41 Audited The Update Framework (TUF)
X41 releases the audit report of The Update Framework.
August 30, 2022
X41 Audited Backstage
X41 finished auditing the Backstage platform and releases the resulting report.
June 28, 2022
AnyZone - Delegated zones for every IP
AnyZone lets you easily get a delegated zone for testing purposes without touching zone files
June 14, 2022
Wrapping up Unikernel Security Research
As part of his master's thesis, Leonard Rapp analyzed the security of various popular unikernels. This blog post is the last one in the unikernel series. It discusses some of the findings and draws a conclusion.
May 18, 2022
Missing or Weak Mitigations in Various Unikernels
Several security weaknesses and missing mitigations were discovered in various unikernel systems
March 31, 2022
Critical Vulnerabilities in Spring and Spring Cloud Function That Will Probably Make This Weekend Less Fun - Analysis and Overview
The popular Java Spring framework may be affected by multiple remote code execution (RCE) vulnerabilities.