search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2007-01-31 2007-01-25 2007-02-12 VU#102465 PGP Desktop service fails to validate user supplied data
2005-02-04 2005-01-17 2005-02-11 VU#924198 Squid LDAP authentication routines fail to check for invalid input
2000-10-31 2000-05-12 2000-10-31 VU#35626 Office 2000 UA Control incorrectly marked safe for scripting
2001-10-24 2001-02-08 2003-05-20 VU#945216 SSH CRC32 attack detection code contains remote integer overflow
2004-09-16 2004-08-26 2004-09-17 VU#339089 star fails to set proper permissions on programs specified in RSH environment variable
2005-08-19 2005-03-01 2007-10-11 VU#680526 Microsoft Internet Explorer can use any COM object
2004-11-03 2004-11-03 2004-11-03 VU#858726 MailPost discloses sensitive system information when operating in debug mode
2004-07-30 2004-02-15 2004-07-31 VU#266926 Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files
2004-03-23 2004-02-03 2004-03-23 VU#801526 util-linux login program discloses sensitive information
2006-10-12 2006-10-10 2006-10-12 VU#921300 Microsoft Word vulnerable to remote code execution
2006-04-20 2006-04-18 2006-04-20 VU#797465 Oracle Advanced Replication SQL injection vulnerability
2005-02-08 2005-02-08 2005-02-09 VU#823971 Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
2004-07-12 2004-07-01 2004-07-21 VU#645326 MySQL fails to properly handle overly long "scramble" values
2001-09-18 2001-05-14 2001-09-18 VU#137544 Microsoft IIS FTP service searches all trusted domains for user accounts
2000-12-04 2000-09-25 2003-01-27 VU#382365 LPRng can pass user-supplied input as a format string parameter to syslog() calls

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis