The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 28 Jan 2015VU#967332GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflowCVE-2015-0235
- 23 Jan 2015VU#546340QPR Portal contains multiple vulnerabilitiesMultiple CVEs
- 23 Jan 2015VU#637068LabTech contains privilege escalation vulnerabilityCVE-2015-0926
- 21 Jan 2015VU#110652iPass Open Mobile Windows Client contains a remote code execution vulnerabilityCVE-2015-0925
- 16 Jan 2015VU#936356Ceragon FiberAir IP-10 Microwave Bridge contains a default root passwordCVE-2015-0924
- 13 Jan 2015VU#117604Panasonic Arbitrator Back-End Server (BES) uses unencrypted communicationUnknown
- 05 Jan 2015VU#976132Some UEFI systems do not properly secure the EFI S3 Resume Boot Path boot scriptCVE-2014-8274
- 05 Jan 2015VU#766164Intel BIOS locking mechanism contains race condition that enables write protection bypassCVE-2014-8273
- 05 Jan 2015VU#533140Tianocore UEFI implementation reclaim function vulnerable to buffer overflowCVE-2014-8271
- 19 Dec 2014VU#561444Multiple broadband routers use vulnerable versions of Allegro RomPagerCVE-2014-9222