The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 18 Nov 2014 | VU#213119 | Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature | CVE-2014-6324
- 13 Nov 2014 | VU#158647 | Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer | CVE-2014-6332
- 13 Nov 2014 | VU#505120 | Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets | CVE-2014-6321
- 07 Nov 2014 | VU#432608 | IBM Notes Traveler for Android transmits user credentials over HTTP | CVE-2014-6130
- 03 Nov 2014 | VU#210620 | uIP and lwIP DNS resolver vulnerable to cache poisoning | CVE-2014-4883
- 31 Oct 2014 | VU#447516 | Linksys SMART WiFi firmware contains multiple vulnerabilities | Multiple CVEs
- 29 Oct 2014 | VU#973460 | drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery | Unknown
- 28 Oct 2014 | VU#685996 | GNU Wget creates arbitrary symbolic links during recursive FTP download | CVE-2014-4877
- 23 Oct 2014 | VU#184540 | Incorrect implementation of NAT-PMP in multiple devices | Unknown
- 17 Oct 2014 | VU#577193 | POODLE vulnerability in SSL 3.0 | CVE-2014-3566