Welcome to the US-CERT Vulnerability Notes Database

US-CERT publishes information about a wide variety of vulnerabilities. Vulnerabilities that meet a certain severity threshold are described in US-CERT Technical Alerts. It is difficult, however, to measure the severity of a vulnerability in a way that is appropriate for all users. For example, a severe vulnerability in a rarely used application might not qualify for publication as a technical alert but might be very important to a system administrator who runs the vulnerable application. US-CERT Vulnerability Notes provide a way to publish information about these less-severe vulnerabilities.
Vulnerability notes include technical descriptions of the vulnerability, as well as the impact, solutions and workarounds, and lists of affected vendors. You can search the vulnerability notes database, or you can browse by several key fields. Help is available for customizing search queries and view features. You can customize database queries to obtain specific information, such as the ten most recently updated vulnerabilities or the twenty vulnerabilities with the highest severity metric.
We also offer an Atom feed that lists the 30 most recently published vulnerability notes.
Communicating with us

To report a vulnerability, please use the CERT Vulnerability Reporting Form. Alternatively, you can send us email with as much information as you can provide. To protect sensitive, non-public vulnerability information, please encrypt to the US-CERT and CERT PGP keys.
To provide feedback about a vulnerability note, please send email with the appropriate VU# number(s) in the subject line.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
| VU#836068 | MD5 vulnerable to collision attacks |
| VU#541025 | Trend Micro HouseCall ActiveX control does not adequately validate update server parameters |
| VU#702628 | Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory |
| VU#696644 | Microsoft SQL Server fails to properly validate parameters to the sp_replwriterovarbin extended stored procedure |
| VU#981849 | Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability |
| VU#926676 | Microsoft WordPad Text Converter vulnerable to remote code execution |
| VU#493881 | Microsoft Internet Explorer data binding memory corruption vulnerability |
| VU#468227 | Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search |
| VU#639345 | Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow |
| VU#528993 | Linksys WVC54GC wireless video camera vulnerable to information disclosure |