The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 12 Dec 2017 | VU#144389 | TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding | Multiple CVEs
- 29 Nov 2017 | VU#113765 | Apple MacOS High Sierra disabled account authentication bypass | CVE-2017-13872
- 21 Nov 2017 | VU#681983 | Install Norton Security for Mac does not verify SSL certificates | CVE-2017-15528
- 17 Nov 2017 | VU#817544 | Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard | Unknown
- 15 Nov 2017 | VU#421280 | Microsoft Office Equation Editor stack buffer overflow | CVE-2017-11882
- 03 Nov 2017 | VU#739007 | IEEE P1735 implementations may have weak cryptographic protections | Multiple CVEs
- 02 Nov 2017 | VU#446847 | Savitech USB audio drivers install a new root CA certificate | CVE-2017-9758
- 16 Oct 2017 | VU#307015 | Infineon RSA library does not properly generate RSA key pairs | CVE-2017-15361
- 16 Oct 2017 | VU#228519 | Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse | Multiple CVEs
- 12 Oct 2017 | VU#590639 | NXP Semiconductors MQX RTOS contains multiple vulnerabilities | Multiple CVEs