The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 19 May 2015VU#177092KCodes NetUSB kernel driver is vulnerable to buffer overflowCVE-2015-3036
- 08 May 2015VU#110532Subrion CMS vulnerable to SQL injection by an authenticated userUnknown
- 05 May 2015VU#978652Bomgar Remote Support Portal deserializes untrusted dataCVE-2015-0935
- 04 May 2015VU#602540ICU Project ICU4C library contains multiple overflow vulnerabilitiesMultiple CVEs
- 30 Apr 2015VU#581276EMC AutoStart is vulnerable to remote code execution via specially crafted packetsCVE-2015-0538
- 28 Apr 2015VU#534407Barracuda Web Filter insecurely performs SSL inspectionMultiple CVEs
- 20 Apr 2015VU#260780NetNanny uses a shared private key and root CAUnknown
- 17 Apr 2015VU#750060Hewlett-Packard Network Automation contains multiple vulnerabilitiesCVE-2014-7886
- 14 Apr 2015VU#274244Blue Coat Malware Analysis appliance contains a cross-site scripting (XSS) vulnerability and information disclosureMultiple CVEs
- 14 Apr 2015VU#697316SearchBlox contains multiple vulnerabilitiesMultiple CVEs