The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 17 May 2013VU#774103Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerabilityCVE-2013-2094
- 15 May 2013VU#701572Mutiny Appliance contains multiple directory traversal vulnerabilitiesCVE-2013-0136
- 14 May 2013VU#127108Serva32 2.1.0 TFTPD service buffer overflow vulnerabilityCVE-2013-0145
- 14 May 2013VU#113732Adobe ColdFusion 9 & 10 code injection vulnerabilityCVE-2013-1389
- 06 May 2013VU#237655Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerabilityCVE-2013-1347
- 29 Apr 2013VU#209131McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilitiesMultiple CVEs
- 26 Apr 2013VU#948155Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installationsCVE-2012-4952
- 25 Apr 2013VU#521612Citrix NetScaler and Access Gateway Enterprise Edition unauthorized access to network resources vulnerabilityCVE-2013-2767
- 19 Apr 2013VU#131263avast! Mobile Security Android application denial-of-service vulnerabilityCVE-2013-0122