[dijit]

Except that "EXACT MATCH" is enabled, try yourself.

(It should be noted that it /does/ match on "possible RCE", which buffer overflows are often tagged with.)

[detaro]

I have. Search for "ontgome" and it finds the bugs containing "Montgomery" (I have taken your url and just replaced the search word):

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&...

I'm not saying none of the results from your search are RCEs, but not all are, and many are fairly speculative.

[dijit]

Argh, that's frustrating, I checked 4 of them and thought it was fine.

The problem is that there seem to be many classifications of remote code execution including buffer overflow and "code injection" and you can't choose multiple. :(

[detaro]

Yes, I also was surprised that the search didn't have more useful tools (e.g. search by high ranking in individual factors, or even just sort by severity: confirmed RCEs should all by very high)