Advisories
Note that some of these vulnerabilities have been found by our customers individually using our tools and security testing services.
- Silicon Design & Verification
- Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP
- Products
- Markets
- Newsletter
- Customer Success
- News
- Resources
- Software Integrity
- Tools & Services
- Solutions
- Customer Success
- Partners
- Resources
- Blog
- Intelligent Risk Management
- AppSec Testing Orchestration
- Vulnerability Correlation & Prioritization
- DevSecOps Integrations
- Manage Business and Software Risk
- Manage software risk at the speed your business demands.
- Company
- About Us
- Investor Relations
- Community
- Newsroom
- Resources
- Careers & Culture
< Silicon Design & Verification
Silicon Design & Verification
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Products
< Silicon Design & Verification
< Solutions
< Solutions
Cloud
Synopsys in the Cloud
< Solutions
< Solutions
< Solutions
< Solutions
< Silicon Design & Verification
< Resources
< Resources
Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers
< Resources
< Silicon Design & Verification
< Services
< Services
< Services
< Silicon Design & Verification
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Silicon Design & Verification
< Training
< Silicon Design & Verification
Training
Training and Education
< main menu
< Silicon IP
Silicon IP
< Products
< Products
Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Products
Memories & Libraries
Logic Libraries
Memory Compilers
Duet Packages
HPC Design Kit
PVT Sensors
Non-Volatile Memory
< Products
< Products
Analog IP
Data Converters
< Products
< Products
< Products
< Silicon IP
< Markets
< Silicon IP
Newsletter
< Silicon IP
Customer Success
< Silicon IP
News
< Resources
< Resources
< main menu
< Software Integrity
Software Integrity
< Tools & Services
Intelligent Risk Management
AppSec Testing Orchestration
Vulnerability Correlation & Prioritization
DevSecOps Integrations
< Tools & Services
< Tools & Services
Holistic Program Development
AppSec Program Strategy
Threat & Risk Assessments
Security Training
Open Source Audits
Implementation & Deployment
< Software Integrity
< Solutions
Manage Business and Software Risk
Manage software risk at the speed your business demands.
< Solutions
< Solutions
< Solutions
< Software Integrity
< Customer Success
< Customer Success
< Customer Success
< Software Integrity
< Software Integrity
Partners
< Resources
< Resources
< Software Integrity
< Software Integrity
Blog
< main menu
Software Integrity
Software Integrity
+
Tools & Services
+
Solutions
+
Customer Success
Partners
+
Resources
Blog
< About Us
Company
< About Us
< About Us
About Us
About Us
< Investor Relations
< About Us
Investor Relations
Investor Relations
< Community
< About Us
Community
Community
< Newsroom
< About Us
Newsroom
Newsroom
< Resources
< About Us
Resources
Resources
< Careers & Culture
< About Us
Careers & Culture
Careers
< main menu
Software Vulnerabilities Found with Synopsys
2018
CVE-2018-18907 authentication bypass vulnerability in D-Link DIR-850L wireless router
2017
Apple products Bluetooth component
Linux NFSD implementation
2016
Apple products Bluetooth component
2015
PolarSSL Remote attack using crafted certificates
OpenSSL Certificate fingerprints can be modified
Multiple errors in DCE-RPC code
2014
Crash with SRP Ciphersuite in Server Hello Message
PolarSSL Denial of Service against GCM enabled servers
Vulnerabilities fixed in the OpenSSL library
GnuTLS Hello Vulnerability
- The Official Radare Blog
Vulnerability in BIND
Heartbleed
SCTP Linux Kernel Panic
Heimdal in Apple OS X allows remote DoS
- A reachable abort existed in the handling of ASN.1 data
- CVE-2014-1316 Description
Apple TLS Bug
2013
Vulnerability in Oracle
Apple remote DoS (CVE 2013-5140)
2012
Two vulnerabilities in the ISC DHCP server implementation
- CERT-FI Advisory on ISC DHCP
- An Error in the Handling of an Unexpected Client Identifiers can Cause Server Crash When Serving DHCPv6
- An Error in the Handling of Malformed Client Identifiers can Cause a Denial-of-Service Condition in Affected Servers
- CVE-2012-3570
- CVE-2012-3571
RSA signature verification vulnerability in strongSwan
Invalid TLS/DTLS record vulnerability in OpenSSL
Large Host: header can crash the Apache Traffic Server
- CERT-FI Advisory on Apache Traffic Server
- "Important security announcement: All versions of Traffic Server prior to v3.0.4 and v3.1.3 have a vulnerability where a large Host: header can crash the server under certain conditions."
- CVE-2012-0256
Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service
- CERT-FI Advisory on issues in ImageMagick
- ImageMagick Invalid Validation and Denial of Service
- CVE-2012-0247
- CVE-2012-0248
2011
Vulnerability in open source Bluetooth bluez-hcidump
Five vulnerabilities in the BGP and OSPF daemons of Quagga
2010
Two vulnerabilities in the BGP daemon of Quagga
- CERT-FI Advisory on Quagga
- Quagga 0.99.17 release note
- CVE-2010-2948
- CVE-2010-2949
SMB Stack Exhaustion Vulnerability
- MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution
- Microsoft Security Bulletin Summary for August 2010
- CVE-2010-2552
Two vulnerabilities in OpenLDAP
Linux SCTP INIT message handling
Lexmark vulnerabilities in HTTP and SSL
- HTTP Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2010-0101
- SSL Denial of Service Vulnerability Notification for Lexmark Printers and Multi-Function Printers
- CVE-2004-0079 (Regression)
Microsoft SMB implementations
- Microsoft Security Bulletin MS10-012
- CVE-2010-0020
Linux Kernel (with CERT-FI):
2009
XML (several open source libraries, with CERT-FI):
- CERT-FI Advisory
- CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
- CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
- CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
- CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
- List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...
Squid (with CERT-FI):
2008
OpenSSL (with CERT-FI):
GnuTLS (with CERT-FI):
- GnuTLS update
- CERT-FI advisory
- CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
NetBSD (with CERT-FI):
SMB libraries:
- Microsoft advisory
- CVE-2008-4038
2007
OpenGGSN (by VTT):
2005
Image libraries (with NISCC):
- Advisory from Microsoft