Vulnerability Notes Database
US-CERT publishes information about vulnerabilities in the Vulnerability Notes Database. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
Recently published vulnerability notes are available via an Atom feed. US-CERT also publishes information about vulnerabilities in Current Activity and Alerts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems (see also ICS-CERT), or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt to the US-CERT and CERT PGP keys.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 16 May 2012VU#859230HP Business Service Management 9.12 remote code execution vulnerabilityCVE-2012-2561
- 03 May 2012VU#520827PHP-CGI query string parameter vulnerabilityMultiple CVEs
- 01 May 2012VU#359816Oracle database TNS listener vulnerabilityCVE-2012-1675
- 24 Apr 2012VU#889195RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable passwordCVE-2012-1803
- 10 Apr 2012VU#400619Pluck SiteLife software multiple XSS vulnerabilitiesCVE-2012-0253
- 02 Apr 2012VU#232979Multiple vulnerabilities in Intuit QuickBooksUnknown
- 02 Apr 2012VU#928795Netgear FVS318N router default remote management vulnerabilityUnknown
- 02 Apr 2012VU#834723TP-Link 8840T DSL router default remote management vulnerabilityUnknown
- 23 Mar 2012VU#551715Quagga contains multiple vulnerabilitiesMultiple CVEs
- 22 Mar 2012VU#743555@Mail Open webmail client contains multiple vulnerabilitiesUnknown