search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2024-03-19 2024-03-19 2024-10-03 VU#417980 Implementations of UDP-based application protocols are vulnerable to network loops
2024-09-19 2024-09-19 2024-09-19 VU#138043 A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server
2024-04-30 2024-04-30 2024-08-23 VU#163057 BMC software fails to validate IPMI session.
2021-01-19 2021-01-19 2024-08-19 VU#434904 Dnsmasq is vulnerable to memory corruption and cache poisoning
2024-07-30 2024-07-30 2024-08-06 VU#244112 Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement
2024-04-03 2024-04-03 2024-07-19 VU#421644 HTTP/2 CONTINUATION frames can be utilized for DoS attacks
2018-08-14 2018-08-14 2024-07-15 VU#857035 7.9 IKEv1 Main Mode vulnerable to brute force attacks
2024-07-09 2024-07-09 2024-07-10 VU#312260 Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
2024-04-10 2024-04-10 2024-05-13 VU#123335 Multiple programming languages fail to escape arguments properly in Microsoft Windows
2022-11-08 2022-11-08 2024-05-06 VU#434994 Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
2024-04-29 2024-04-29 2024-05-03 VU#238194 R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
2024-04-16 2024-02-23 2024-04-18 VU#253266 Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
2021-12-15 2021-11-29 2024-04-17 VU#930724 Apache Log4j allows insecure JNDI lookups
2024-03-14 2024-03-14 2024-03-19 VU#488902 CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
2024-03-07 2024-03-07 2024-03-18 VU#949046 Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis