The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 04 Feb 2016 | VU#305096 | Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium | Unknown
- 03 Feb 2016 | VU#777024 | Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities | Multiple CVEs
- 02 Feb 2016 | VU#544527 | OpenELEC and RasPlex have a hard-coded SSH root password | Unknown
- 02 Feb 2016 | VU#719736 | Fisher-Price Smart Toy platform allows some unauthenticated web API commands | CVE-2015-8269
- 01 Feb 2016 | VU#972224 | Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries | CVE-2015-8265
- 28 Jan 2016 | VU#257823 | OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol | Multiple CVEs
- 21 Jan 2016 | VU#992624 | Harman AMX multimedia devices contain hard-coded credentials | CVE-2015-8362
- 20 Jan 2016 | VU#916896 | Oracle Outside In 8.5.2 contains multiple stack buffer overflows | Multiple CVEs
- 20 Jan 2016 | VU#772447 | ffmpeg and Libav cross-domain information disclosure vulnerability | Multiple CVEs
- 14 Jan 2016 | VU#456088 | OpenSSH Client contains a client information leak vulnerability and buffer overflow | Multiple CVEs