search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2006-06-06 2006-05-18 2006-06-07 VU#466428 Skype URI handler fails to properly parse parameters
2005-02-08 2005-02-08 2005-02-08 VU#927889 Microsoft OLE buffer overflow
2003-06-24 2003-05-28 2003-09-18 VU#479268 Apache HTTPD contains denial of service vulnerability in basic authentication module
2006-04-11 2006-04-11 2006-11-02 VU#234812 RDS.Dataspace ActiveX control bypasses ActiveX security model
2008-01-15 2008-01-15 2008-07-22 VU#347812 UPnP enabled by default in multiple devices
2007-09-07 2007-09-07 2009-04-13 VU#466433 Web sites may transmit authentication tokens unencrypted
2006-10-11 2006-10-02 2006-11-08 VU#788860 Trend Micro OfficeScan Management Console ActiveX control format string vulnerability
2003-07-18 1998-05-21 2004-02-23 VU#12212 Weaknesses in MIT magic cookie and XDM X Windows authorization
2007-01-09 2007-01-09 2007-01-26 VU#271860 Microsoft Outlook fails to properly parse Office Saved Searches (.oss) files
2001-02-06 1998-01-20 2001-10-25 VU#19124 SSH authentication agent follows symlinks via a UNIX domain socket
2004-04-07 2004-04-07 2004-04-23 VU#659228 Cisco WLSE and HSE devices contain hardcoded username and password
2006-04-11 2006-04-11 2006-04-11 VU#824324 Microsoft Internet Explorer fails to properly handle HTML elements with a specially crafted tag
2001-04-10 2001-04-10 2001-04-11 VU#212088 Alcatel ADSL modems contain a null default password
2002-09-27 2001-05-10 2002-09-27 VU#910624 Microsoft Windows 2000 Indexing Service permits read access to files outside web root via crafted request
2007-03-13 2007-01-28 2007-03-13 VU#363112 Apple CrashDump privilege escalation

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis