search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2004-08-04 2004-08-04 2004-08-04 VU#160448 libpng integer overflow in image height processing
2006-09-19 2006-06-19 2011-07-22 VU#773548 gzip contains a .bss buffer overflow in its LZH handling
2006-09-13 2006-09-12 2006-09-13 VU#540348 Apple QuickTime fails to properly handle FlashPix files
2006-10-04 2006-09-27 2007-03-13 VU#787448 OpenSSH fails to properly handle multiple identical blocks in a SSH packet
2007-01-30 2007-01-30 2007-03-30 VU#726548 Voice mail systems allow administrative access based on Caller ID
2004-11-08 2004-10-18 2004-11-08 VU#830214 Nortel Networks Contivity VPN Client information leakage vulnerability
2005-05-19 2005-05-19 2005-05-19 VU#443370 Groove Virtual Office sets insecure permissions on installation components
2003-06-23 2003-05-07 2003-06-23 VU#317348 Cisco VPN 3000 Concentrator forces device to reload when processing malformed SSH initialization packet
2004-04-30 2004-01-26 2004-05-06 VU#404470 Gaim contains an off-by-one buffer overflow vulnerability in the yahoo_decode() function
2004-09-13 2004-09-08 2004-09-15 VU#914870 Apple QuickTime Streaming Server vulnerable to DoS
2002-05-23 1999-02-22 2002-05-23 VU#28370 Taskpads ActiveX Control incorrectly marked safe-for-scripting
2004-09-03 2004-06-21 2004-09-08 VU#976470 Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access
2004-06-11 2004-05-12 2004-06-11 VU#950070 BEA WebLogic Server contains vulnerability in handling of certain tags when editing "weblogic.xml"
2011-04-18 2011-04-17 2012-01-25 VU#243670 Wireshark DECT dissector vulnerability
2004-01-14 2003-12-22 2004-01-21 VU#371470 Whale Communications e-Gap security appliance discloses source code via HTTP TRACE Method

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis