search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2002-12-13 2002-11-20 2003-05-16 VU#958321 Samba contains a remotely exploitable stack buffer overflow
2003-06-27 2003-06-22 2003-09-03 VU#823260 Microsoft Windows HTML conversion library vulnerable to buffer overflow
2005-03-17 2005-03-17 2005-04-20 VU#131828 NotifyLink web client fails to adequately restrict access to administrative functions
2006-07-11 2006-07-11 2006-07-13 VU#257164 Microsoft DHCP Client service contains a buffer overflow
2006-09-28 2006-09-28 2007-02-09 VU#247744 OpenSSL may fail to properly parse invalid ASN.1 structures
2006-06-21 2006-06-18 2006-08-22 VU#394444 Microsoft Hyperlink Object Library stack buffer overflow
2006-03-14 2005-12-07 2006-03-14 VU#642428 Microsoft Excel fails to properly perform range validation when parsing document files
2005-10-21 2005-10-18 2005-10-24 VU#171364 Oracle Application Server SQL*ReportWriter vulnerability
2001-03-04 2001-03-03 2001-03-27 VU#320944 RhinoSoft FTP Voyager FtpTree incorrectly marked "safe for scripting"
2006-01-25 2006-01-17 2006-01-27 VU#891644 Oracle Database XML Database SQL Injection vulnerability
2006-08-02 2006-08-01 2006-08-14 VU#172244 Apple Mac OS X ImageIO vulnerable to integer overflow via specially crafted Radiance image
2007-07-23 2007-06-20 2007-07-24 VU#200928 VLC Media Player format string vulnerability
2007-02-23 2007-02-22 2007-03-07 VU#393921 Mozilla Firefox fails to properly handle JavaScript onUnload events
2004-04-16 2004-04-03 2004-04-16 VU#900964 FTE fails to properly validate environment variables
2005-02-21 2004-12-23 2005-03-10 VU#716144 Verity Ultraseek contains a cross-site scripting vulnerability in the processing of search requests

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis