search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2002-10-16 2002-10-15 2002-12-12 VU#169841 dvips uses system() function insecurely thereby allowing arbitrary command execution
2001-09-14 2001-07-10 2002-12-12 VU#943633 FreeBSD can be compromised locally via signal handlers
2002-05-24 2002-05-09 2002-12-12 VU#314963 OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program
2002-09-16 2002-03-12 2002-12-10 VU#162723 x_news allows unauthorized users to access administrative menu
2002-09-16 2002-03-28 2002-12-10 VU#152955 IBM AIX FC contains buffer overflow exploitable during session setup
2002-08-09 2002-04-03 2002-12-10 VU#128491 Macromedia Flash Player continues to download flash files until browser is closed
2002-11-19 2002-11-01 2002-12-10 VU#930161 NetScreen Secure Command Shell (SCS) denial-of-service vulnerability
2002-12-09 2002-12-06 2002-12-09 VU#961489 University of Washington IMAP Server vulnerable to buffer overflow after login
2002-06-05 2002-05-29 2002-12-06 VU#779163 Microsoft Exchange 2000 exhausts server resources while attempting to process malformed mail attributes
2002-06-26 2002-06-24 2002-12-06 VU#369347 OpenSSH vulnerabilities in challenge response handling
2001-01-29 2001-01-29 2002-12-06 VU#868916 ISC BIND 4 contains input validation error in nslookupComplain()
2002-12-06 2002-09-18 2002-12-06 VU#865833 Microsoft Windows Remote Desktop Protocol (RDP) uses weak algorithm for encrypting packets
2001-11-20 2001-11-20 2002-12-06 VU#898480 MandrakeSoft Mandrake Linux Apache default configuration sample programs disclose server information
2001-11-21 2001-11-20 2002-12-06 VU#913704 MandrakeSoft Mandrake Linux Apache default configuration enables directory indexing
2002-12-05 2002-11-27 2002-12-06 VU#683673 Sun Solaris priocntl(2) does not adequately validate path to kernel modules that implement lightweight process (LWP) scheduling policy

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis