
CERT Coordination Center

CERT/CC Vulnerability Notes Database


| Published | Public | Updated | ID | CVSS | Title |
|---|---|---|---|---|---|
| 2023-02-28 | 2023-02-28 | 2024-03-04 | VU#782720 | | TCG TPM2.0 implementations vulnerable to memory corruption |
| 2023-01-17 | 2023-01-17 | 2023-01-23 | VU#572615 | | Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2 |
| 2023-01-17 | 2023-01-17 | 2023-01-17 | VU#986018 | | New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities |
| 2022-11-16 | 2022-01-10 | 2023-04-04 | VU#709991 | | Netatalk contains multiple error and memory management vulnerabilities |
| 2022-11-08 | 2022-11-08 | 2023-01-25 | VU#434994 | | Multiple race conditions due to TOCTOU flaws in various UEFI Implementations |
| 2022-11-01 | 2022-11-01 | 2024-03-08 | VU#794340 | | OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly |
| 2022-10-07 | 2022-10-07 | 2023-07-13 | VU#730793 | | Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference |
| 2022-10-03 | 2022-10-03 | 2022-11-10 | VU#915563 | | Microsoft Exchange vulnerable to server-side request forgery and remote code execution. |
| 2022-09-27 | 2022-09-27 | 2023-06-14 | VU#855201 | | L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers |
| 2022-08-11 | 2022-08-11 | 2024-03-04 | VU#309662 | | Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass |
| 2022-08-04 | 2022-08-04 | 2022-08-05 | VU#495801 | | muhttpd versions 1.1.5 and earlier are vulnerable to path traversal |
| 2022-06-21 | 2022-06-21 | 2022-06-21 | VU#142546 | | SMA Technologies OpCon UNIX agent adds the same SSH key to all installations |
| 2022-05-09 | 2022-05-02 | 2023-04-04 | VU#473698 | | uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID |
| 2022-04-28 | 2022-04-28 | 2022-04-28 | VU#730007 | | Tychon is vulnerable to privilege escalation due to OPENSSLDIR location |
| 2022-04-28 | 2010-10-10 | 2022-04-29 | VU#411271 | | Qt allows for privilege escalation due to hard-coding of qt_prfxpath value |

Sponsored by CISA.