search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2001-08-29 2001-06-06 2001-08-30 VU#149424 Outlook Web Access (OWA) executes scripts contained in email attachment opened via Microsoft Internet Explorer (IE)
2006-12-13 2006-12-07 2006-12-15 VU#885665 MySpace fails to properly filter user-supplied content
2002-10-11 2002-06-12 2003-08-05 VU#879386 Multiple buffer overflow vulnerabilities in QNX
2006-11-22 2006-11-20 2007-03-20 VU#367424 Apple Mac OS X fails to properly handle corrupted DMG image structures
2004-04-14 2004-04-13 2004-04-14 VU#255924 Microsoft Windows ASN.1 library contains a memory management vulnerability
2007-04-19 2007-04-19 2007-04-23 VU#312424 Apple AFP Client privilege escalation vulnerability
2007-09-07 2007-09-07 2009-04-13 VU#466433 Web sites may transmit authentication tokens unencrypted
2006-07-27 2006-07-25 2007-02-09 VU#239124 Mozilla fails to properly handle simultaneous XPCOM events
2002-08-05 2002-03-05 2002-08-05 VU#159907 Talentsoft Web+ contains buffer overflow in "webpsvc.exe"
2007-08-15 2007-08-14 2007-08-15 VU#558648 Microsoft Windows Vista Feed Headlines Gadget vulnerability
2001-02-06 1998-01-20 2001-10-25 VU#19124 SSH authentication agent follows symlinks via a UNIX domain socket
2007-06-15 2004-08-30 2007-06-21 VU#793433 Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods
2006-04-11 2006-04-11 2006-04-11 VU#824324 Microsoft Internet Explorer fails to properly handle HTML elements with a specially crafted tag
2001-05-01 2001-03-26 2004-02-23 VU#249224 Hewlett-Packard HP-UX newgrp command does not function properly
2004-07-27 2004-07-21 2004-08-05 VU#760432 Cisco Transaction Language 1 (TL1) interface fails to properly validate accounts with blank passwords

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis