Welcome to the US-CERT Vulnerability Notes DatabaseUS-CERT publishes information about a wide variety of vulnerabilities. Vulnerabilities that meet a certain severity threshold are described in US-CERT Technical Alerts. It is difficult, however, to measure the severity of a vulnerability in a way that is appropriate for all users. For example, a severe vulnerability in a rarely used application might not qualify for publication as a technical alert but might be very important to a system administrator who runs the vulnerable application. US-CERT Vulnerability Notes provide a way to publish information about these less-severe vulnerabilities.
Vulnerability notes include technical descriptions of the vulnerability, as well as the impact, solutions and workarounds, and lists of affected vendors. You can search the vulnerability notes database, or you can browse by several key fields. Help is available for customizing search queries and view features. You can customize database queries to obtain specific information, such as the ten most recently updated vulnerabilities or the twenty vulnerabilities with the highest severity metric.
We also offer an Atom feed that lists the 30 most recently published vulnerability notes.
Communicating with usTo report a vulnerability, please use the CERT Vulnerability Reporting Form. Alternatively, you can send us email with as much information as you can provide. To protect sensitive, non-public vulnerability information, please encrypt to the US-CERT and CERT PGP keys.
To provide feedback about a vulnerability note, please send email with the appropriate VU# number(s) in the subject line.
We appreciate your comments and suggestions.
|
 |
|
Search Vulnerability Notes |
| |
Recent Vulnerability Notes
|
| VU#251793 | Foxit Reader contains multiple vulnerabilities in the processing of JPX data |
| VU#568153 | Adobe Reader contains multiple vulnerabilities in the processing of JPX data |
| VU#983731 | eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution |
| VU#710316 | NSD vulnerable to one-byte overflow |
| VU#787932 | Microsoft IIS WebDAV Remote Authentication Bypass |
| VU#853097 | ntpd autokey stack buffer overflow |
| VU#238019 | Cyrus SASL library buffer overflow vulnerability |
| VU#576996 | NuPoint Messenger server transmits authentication credentials in plain text |
| VU#402580 | Jetty HTTP server directory traversal vulnerability |
| VU#970180 | Adobe Reader and Acrobat customDictionaryOpen() and getAnnots() JavaScript vulnerabilities |
|
|
Get Adobe Reader 