Vulnerabilities > Synopsys

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-01-09 | CVE-2024-0226 | Cross-site Scripting vulnerability in Synopsys Seeker | Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. | network; low complexity; synopsys; CWE-79; 5.4 |
| 2023-04-27 | CVE-2023-2158 | Use of Hard-coded Credentials vulnerability in Synopsys Code DX | Code Dx versions prior to 2023.4.2 are vulnerable to a user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. | network; low complexity; synopsys; CWE-798; critical; 9.8 |
| 2023-03-29 | CVE-2023-1663 | Forced Browsing vulnerability in Synopsys Coverity | Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. | network; low complexity; synopsys; CWE-425; 5.3 |
| 2023-02-06 | CVE-2023-23849 | Cross-site Scripting vulnerability in Synopsys Coverity | Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. | network; low complexity; synopsys; CWE-79; 6.1 |
| 2022-05-10 | CVE-2022-30278 | Cross-site Scripting vulnerability in Synopsys Black Duck HUB | A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. | network; low complexity; synopsys; CWE-79; 6.1 |
| 2020-11-06 | CVE-2020-27589 | Improper Certificate Validation vulnerability in Synopsys Hub-Rest-Api-Python | Synopsys hub-rest-api-python (aka blackduck on PyPI) versions 0.0.25 - 0.0.52 do not validate SSL certificates in certain cases. | network; low complexity; synopsys; CWE-295; 7.5 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products | CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the config file when the user authenticates with the --client-credentials flag. | 7.8 |