search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2018-04-10 2018-04-10 2019-01-10 VU#974272 4.1 Microsoft Outlook retrieves remote OLE content without prompting
2018-03-29 2018-03-27 2018-04-24 VU#277400 5.9 Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed
2018-02-27 2018-02-27 2018-06-05 VU#475445 4.9 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
2018-08-21 2018-02-21 2019-03-13 VU#332928 6.8 Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities
2018-02-15 2018-02-15 2018-02-19 VU#940439 7.3 Quagga bgpd is affected by multiple vulnerabilities
2018-03-27 2018-02-07 2018-03-27 VU#184077 8.7 Navarino Infinity web interface is affected by multiple vulnerabilities.
2018-02-01 2018-02-01 2018-02-01 VU#319904 3.0 Pulse Secure Linux client GUI fails to validate SSL certificates
2018-01-04 2018-01-03 2022-01-07 VU#584653 5.1 CPU hardware vulnerable to side-channel attacks
2017-12-12 2017-12-12 2018-04-09 VU#144389 4.2 TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding
2017-11-21 2017-11-21 2017-11-21 VU#681983 1.3 Install Norton Security for Mac does not verify SSL certificates
2017-11-17 2017-11-16 2017-11-20 VU#817544 0 Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
2017-11-15 2017-11-14 2017-11-20 VU#421280 5.5 Microsoft Office Equation Editor stack buffer overflow
2017-11-29 2017-11-13 2017-11-30 VU#113765 4.6 Apple MacOS High Sierra disabled account authentication bypass
2017-11-03 2017-11-01 2017-11-09 VU#739007 6.2 IEEE P1735 implementations may have weak cryptographic protections
2017-10-16 2017-10-16 2017-11-16 VU#228519 5.7 Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis