Download Brochure

Contact Sales

Product Education

Community

< Silicon Design & Verification

Community

Community SNUG Partners Academic Programs Company Blogs

< Silicon IP

Resources

+ Read + Watch + Community

Software Vulnerabilities Found with Synopsys

Advisories

Note that some of these vulnerabilities have been found by our customers individually using our tools and security testing services.

2018

CVE-2018-18907 authentication bypass vulnerability in D-Link DIR-850L wireless router

2017

Apple products Bluetooth component

CVE-2017-2420

Linux NFSD implementation

2016

Apple products Bluetooth component

CVE-2016-7596

2015

PolarSSL Remote attack using crafted certificates

PolarSSL Security Advisory on CVE-2015-1182

OpenSSL Certificate fingerprints can be modified

OpenSSL Advisory on CVE-2014-8275

Multiple errors in DCE-RPC code

CVE-2015-5370

2014

Crash with SRP Ciphersuite in Server Hello Message

OpenSSL Advisory on CVE-2014-5139

PolarSSL Denial of Service against GCM enabled servers

PolarSSL Security Advisory

Vulnerabilities fixed in the OpenSSL library

Finnish Communications Regulatory Authority, NCSC-FI Vulnerability Coordination

GnuTLS Hello Vulnerability

The Official Radare Blog

Vulnerability in BIND

Heartbleed

SCTP Linux Kernel Panic

Heimdal in Apple OS X allows remote DoS

A reachable abort existed in the handling of ASN.1 data
CVE-2014-1316 Description

Apple TLS Bug

Understanding the Apple TLS Bug

2013

Vulnerability in Oracle

Oracle critical patch update

Apple remote DoS (CVE 2013-5140)

Apple iOS before 7 allows remote denial of service via an invalid packet fragment

2012

Two vulnerabilities in the ISC DHCP server implementation

RSA signature verification vulnerability in strongSwan

Invalid TLS/DTLS record vulnerability in OpenSSL

Large Host: header can crash the Apache Traffic Server

Two vulnerabilities in ImageMagick - Invalid Validation and Denial of Service

CERT-FI Advisory on issues in ImageMagick
ImageMagick Invalid Validation and Denial of Service
CVE-2012-0247
CVE-2012-0248

2011

Vulnerability in open source Bluetooth bluez-hcidump

Five vulnerabilities in the BGP and OSPF daemons of Quagga

2010

Two vulnerabilities in the BGP daemon of Quagga

SMB Stack Exhaustion Vulnerability

MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution
Microsoft Security Bulletin Summary for August 2010
CVE-2010-2552

Two vulnerabilities in OpenLDAP

Linux SCTP INIT message handling

Lexmark vulnerabilities in HTTP and SSL

Microsoft SMB implementations

Microsoft Security Bulletin MS10-012
CVE-2010-0020

Linux Kernel (with CERT-FI):

2009

XML (several open source libraries, with CERT-FI):

CERT-FI Advisory
CVE-2009-3720 (libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software)
CVE-2009-1885 (Apache Xerces C++ 2.7.0 and 2.8.0)
CVE-2009-2414 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
CVE-2009-2416 (libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17)
CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6)
List of affected software products and vendors includes (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, ...

Squid (with CERT-FI):

2008

OpenSSL (with CERT-FI):

GnuTLS (with CERT-FI):

GnuTLS update
CERT-FI advisory
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

NetBSD (with CERT-FI):

SMB libraries:

Microsoft advisory
CVE-2008-4038

2007

OpenGGSN (by VTT):

Advisory from VTT

2005

Image libraries (with NISCC):

Advisory from Microsoft

2004

OpenSSL (with NISCC and RedHat):

Red Hat
CVE-2004-0081

Apache (with NISCC and RedHat):