The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 31 Jul 2015VU#360431Chiyu Technology fingerprint access control contains multiple vulnerabilitiesMultiple CVEs
- 30 Jul 2015VU#577140BIOS implementations fail to properly set UEFI write protections after waking from sleep modeMultiple CVEs
- 28 Jul 2015VU#924951Android Stagefright contains multiple vulnerabilitiesMultiple CVEs
- 24 Jul 2015VU#819439Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlledUnknown
- 24 Jul 2015VU#857948Honeywell Tuxedo Touch Controller contains multiple vulnerabilitiesMultiple CVEs
- 20 Jul 2015VU#912036N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator passwordUnknown
- 20 Jul 2015VU#813631Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds readCVE-2015-2869
- 13 Jul 2015VU#919604Kaseya Virtual System Administrator contains multiple vulnerabilitiesMultiple CVEs
- 12 Jul 2015VU#918568Adobe Flash ActionScript 3 BitmapData memory corruption vulnerabilityCVE-2015-5123
- 11 Jul 2015VU#338736Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerabilityCVE-2015-5122