The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 19 Jul 2016 | VU#682704 | Misys FusionCapital Opics Plus contains multiple vulnerabilities | Multiple CVEs
- 19 Jul 2016 | VU#790839 | Objective Systems ASN1C generates code that contains a heap overflow vulnerability | CVE-2016-5080
- 18 Jul 2016 | VU#797896 | CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables | Multiple CVEs
- 13 Jul 2016 | VU#665280 | Accela Civic Platform Citizen Access portal contains multiple vulnerabilities | Multiple CVEs
- 12 Jul 2016 | VU#123799 | libbpg contains a type confusion vulnerability that leads to out of bounds write | CVE-2016-5637
- 05 Jul 2016 | VU#690343 | Acer Portal app for Android does not properly validate SSL certificates | CVE-2016-5648
- 23 Jun 2016 | VU#302544 | Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files | CVE-2016-5087
- 20 Jun 2016 | VU#143335 | mDNSResponder contains multiple memory-based vulnerabilities | Multiple CVEs
- 15 Jun 2016 | VU#748992 | Adobe Flash memory corruption vulnerability | CVE-2016-4171
- 10 Jun 2016 | VU#778696 | Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass | Multiple CVEs