search menu icon-carat-right cmu-wordmark

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated VU# CVSS Title
2018-08-14 2018-08-14 2018-08-17 VU#857035 7.9 IKEv1 Main Mode vulnerable to brute force attacks
2018-08-03 2013-06-09 2018-08-03 VU#307144 0 mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR
2018-01-04 2018-01-03 2018-07-03 VU#584653 5.1 CPU hardware vulnerable to side-channel attacks
2018-05-21 2018-05-21 2018-06-19 VU#180049 3.4 CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
2018-05-23 2018-05-22 2018-06-13 VU#338343 3.9 strongSwan VPN charon server vulnerable to buffer underflow
2018-05-08 2018-05-08 2018-06-06 VU#631579 5.3 Hardware debug exception documentation may result in unexpected behavior
2018-02-27 2018-02-27 2018-06-05 VU#475445 4.9 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal
2018-05-14 2018-05-14 2018-05-15 VU#122919 0 OpenPGP and S/MIME mail client vulnerabilities
2018-05-03 2018-05-03 2018-05-03 VU#283803 2.7 Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")
2018-03-29 2018-03-27 2018-04-24 VU#277400 5.9 Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed
2017-12-12 2017-12-12 2018-04-09 VU#144389 4.2 TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding
2016-08-15 2016-08-15 2018-04-04 VU#905344 3.4 HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
2018-03-19 2012-03-20 2018-04-04 VU#306792 1.7 Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
2018-03-27 2018-02-07 2018-03-27 VU#184077 8.7 Navarino Infinity web interface is affected by multiple vulnerabilities.
2012-07-24 2012-07-20 2018-03-21 VU#108471 7.9 Symantec Web Gateway contains multiple vulnerabilities

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.