
CERT Coordination Center

CERT/CC Vulnerability Notes Database


| Published | Public | Updated | ID | CVSS | Title |
|---|---|---|---|---|---|
| 2020-01-31 | 2020-01-28 | 2020-03-09 | VU#390745 | 10.0 | OpenSMTPD vulnerable to local privilege escalation and remote code execution |
| 2019-01-04 | 2018-11-12 | 2019-01-04 | VU#531281 | 9.7 | Microsoft Windows DNS servers are vulnerable to heap overflow |
| 2014-09-25 | 2014-09-24 | 2015-04-14 | VU#252743 | 9.6 | GNU Bash shell executes commands in exported functions in environment variables |
| 2013-01-10 | 2013-01-10 | 2013-06-12 | VU#625617 | 9.5 | Java 7 fails to restrict access to privileged code |
| 2012-08-27 | 2012-08-26 | 2013-01-16 | VU#636312 | 9.5 | Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code |
| 2014-04-27 | 2014-04-26 | 2014-05-07 | VU#222929 | 9.5 | Microsoft Internet Explorer CMarkup use-after-free vulnerability |
| 2010-08-02 | 2010-08-02 | 2020-09-02 | VU#362332 | 9.5 | Wind River Systems VxWorks debug service enabled by default |
| 2014-02-14 | 2014-02-13 | 2014-02-20 | VU#732479 | 9.5 | Internet Explorer CMarkup use-after-free vulnerability |
| 2010-08-02 | 2010-08-02 | 2014-06-02 | VU#840249 | 9.5 | Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib) |
| 2020-01-14 | 2020-01-14 | 2020-01-15 | VU#849224 | 9.4 | Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains |
| 2013-03-05 | 2013-03-04 | 2013-06-14 | VU#688246 | 9.4 | Oracle Java contains multiple vulnerabilities |
| 2011-12-27 | 2011-12-27 | 2012-05-10 | VU#723755 | 9.3 | WiFi Protected Setup (WPS) PIN brute force vulnerability |
| 2014-08-07 | 2014-08-07 | 2014-09-12 | VU#578598 | 9.2 | Iridium Pilot and OpenPort contain multiple vulnerabilities |
| 2020-03-23 | 2020-03-23 | 2020-04-14 | VU#354840 | 9.0 | Microsoft Windows Type 1 font parsing remote code execution vulnerabilities |
| 2012-05-16 | 2012-05-16 | 2012-05-16 | VU#859230 | 9 | HP Business Service Management 9.12 remote code execution vulnerability |

Sponsored by CISA.