search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2001-08-10 2000-05-30 2001-08-10 VU#26188 Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random
2001-05-30 2000-05-29 2001-05-30 VU#32448 Due to insecure creation of configuration files via KApplication-class, local users can create arbitrary files when running setuid root KDE programs
2001-08-10 2000-05-25 2004-02-23 VU#37526 0 Netscape fails to revalidate certificates if a user has previously acknowledged a certificate to be non-matching
2001-08-27 2000-05-23 2001-08-27 VU#104823 Cayman gateways vulnerable to a denial of service via oversized ICMP echo (ping) requests.
2000-10-19 2000-05-16 2003-04-11 VU#38336 MIT Kerberos 5 ksu may allow either the '-r' or '-l' time-interval parameter to overflow the stack with the characters ''d', 'h', 'm', or 's'
2000-11-16 2000-05-13 2001-01-11 VU#31994 MS ActiveMovieControl Object downloads arbitrary files
2000-10-31 2000-05-12 2000-10-31 VU#35626 Office 2000 UA Control incorrectly marked safe for scripting
2001-05-25 2000-05-11 2001-08-07 VU#35085 Microsoft Internet Information Server (IIS) discloses contents of files via crafted request for .htr file
2002-01-31 2000-05-08 2002-01-31 VU#24447 AOL Instant Messenger exposes local file path during file transfers
2001-08-27 2000-05-05 2001-08-27 VU#36312 Cayman gateways are vulnerable to a denial of sevices via a long username or password
2000-12-15 2000-05-01 2001-01-17 VU#33433 Filemaker Pro 5.0v3 and below does not adequately protect web-enabled databases
2000-11-09 2000-04-26 2004-03-30 VU#24346 Cisco IOS software vulnerable to DoS via HTTP request containing "%%"
2002-07-22 2000-04-14 2002-08-30 VU#458659 Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default
2002-09-27 2000-04-03 2002-09-27 VU#26493 MS Excel XLM Text Macro execution fails to trigger warning when default medium security set
2002-04-02 2000-03-27 2008-05-06 VU#24140 Linux kernel IP Masquerading "destination loose" (DLOOSE) configuration passes arbitrary UDP traffic

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis