search menu icon-carat-right cmu-wordmark

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2020-05-18 2020-05-18 2020-05-26 VU#534195 0 Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks
2019-08-14 2019-08-14 2020-05-15 VU#918987 7.8 Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
2020-05-14 2020-01-28 2020-05-15 VU#366027 7.8 Samsung Qmage codec for Android Skia library does not properly validate image files
2020-04-06 2020-04-06 2020-04-15 VU#660597 0.9 Periscope BuySpeed is vulnerable to stored cross-site scripting
2020-03-23 2020-03-23 2020-04-14 VU#354840 9.0 Microsoft Windows Type 1 font parsing remote code execution vulnerabilities
2020-03-30 2020-03-30 2020-03-30 VU#962085 0.9 Versiant LYNX Customer Service Portal is vulnerable to stored cross-site scripting
2020-03-30 2019-04-12 2020-03-30 VU#944837 6.7 Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilities
2020-01-31 2020-01-28 2020-03-09 VU#390745 10.0 OpenSMTPD vulnerable to local privilege escalation and remote code execution
2020-02-24 2020-02-12 2020-02-26 VU#498544 7.1 ZyXEL pre-authentication command injection in weblogin.cgi
2020-01-17 2020-01-17 2020-02-19 VU#338824 7.1 Microsoft Internet Explorer Scripting Engine memory corruption vulnerability
2020-02-12 2020-02-12 2020-02-13 VU#597809 2.4 IBM ServeRAID Manager exposes unauthenticated Java Remote Method Invocation (RMI) service
2020-01-08 2019-12-17 2020-02-03 VU#619785 7.1 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability
2020-01-14 2020-01-14 2020-01-18 VU#491944 5.9 Microsoft Windows Remote Desktop Gateway allows for unauthenticated remote code execution
2020-01-14 2020-01-14 2020-01-15 VU#849224 9.4 Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains
2020-01-14 2020-01-14 2020-01-14 VU#335217 4.9 Content Delivery Networks handle HTTP headers in different and unexpected ways

Sponsored by CISA.