search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2001-08-21 2000-10-31 2001-08-21 VU#153653 Linux dump uses environment variables insecurely, allowing for root compromise
2000-10-27 2000-10-27 2002-03-05 VU#28027 Distributed GL Daemon (DGLD) allows attackers to identify IRIX systems
2000-11-08 2000-10-25 2004-03-30 VU#683677 Cisco IOS software vulnerable to DoS via HTTP request containing "?/"
2000-12-12 2000-10-24 2001-01-18 VU#470543 Sun Microsystems Keys exposed and revoked
2001-07-12 2000-10-18 2001-07-12 VU#118277 The Oracle Internet Directory LDAP (oidldapd) contains buffer overflow
2000-11-20 2000-10-10 2001-09-18 VU#111677 Microsoft IIS 4.0 / 5.0 vulnerable to directory traversal via extended unicode in url
2000-11-07 2000-10-03 2001-03-30 VU#369427 Format string vulnerability in libutil pw_error(3) function
2002-04-05 2000-10-03 2002-04-05 VU#683765 AOL Instant Messenger vulnerable to denial of service via crafted file name
2000-12-14 2000-09-26 2001-01-17 VU#800893 Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function
2001-07-24 2000-09-26 2001-07-31 VU#664141 Debian glibc 2 symlink issue could allow arbitrary file overwriting
2000-09-26 2000-09-26 2001-10-25 VU#22404 telnet and rlogin URLs disclose sensitive information, including Environment variables
2000-12-04 2000-09-25 2003-01-27 VU#382365 LPRng can pass user-supplied input as a format string parameter to syslog() calls
2001-05-17 2000-08-31 2001-06-21 VU#686403 ld.so fails to unset LD_PRELOAD before executing suid root programs
2000-10-06 2000-08-24 2000-11-29 VU#747124 ADK flaw in recent versions of PGP
2001-11-27 2000-08-10 2002-06-20 VU#635463 Microsoft SQL Server and Microsoft Data Engine (MSDE) ship with a null default password

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis