Welcome to the US-CERT Vulnerability Notes DatabaseUS-CERT publishes information about a wide variety of vulnerabilities. Vulnerabilities that meet a certain severity threshold are described in US-CERT Technical Alerts. It is difficult, however, to measure the severity of a vulnerability in a way that is appropriate for all users. For example, a severe vulnerability in a rarely used application might not qualify for publication as a technical alert but might be very important to a system administrator who runs the vulnerable application. US-CERT Vulnerability Notes provide a way to publish information about these less-severe vulnerabilities.
Vulnerability notes include technical descriptions of the vulnerability, as well as the impact, solutions and workarounds, and lists of affected vendors. You can search the vulnerability notes database, or you can browse by several key fields. Help is available for customizing search queries and view features. You can customize database queries to obtain specific information, such as the ten most recently updated vulnerabilities or the twenty vulnerabilities with the highest severity metric.
We also offer an Atom feed that lists the 30 most recently published vulnerability notes.
Communicating with usTo report a vulnerability, please send us email with as much information as you can provide. For guidance, see the CERT® Coordination Center Product Vulnerability Reporting Form. To protect sensitive, non-public vulnerability information, please encrypt to the US-CERT and CERT/CC PGP keys.
To provide feedback about a vulnerability note, please send email with the appropriate VU# number(s) in the subject line.
We appreciate your comments and suggestions.
Last updated July 2, 2007
|
 |
|
Search Vulnerability Notes |
| |
Recent Vulnerability Notes
|
| VU#829876 | Microsoft Outlook Web Access may not use the no-store HTTP directive |
| VU#468843 | Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching |
| VU#684883 | CA Unicenter DSM ITRM Legends ActiveX integer overflow |
| VU#596268 | Wonderware SuiteLink null pointer dereference |
| VU#147027 | PHP path translation vulnerability |
| VU#929656 | Multiple BGP implementations do not properly handle UPDATE messages |
| VU#584089 | cPanel XSRF vulnerabilities |
| VU#643049 | Motorola Surfboard cable modem cross-site request forgery vulnerability |
| VU#159523 | Adobe Flash Player integer overflow vulnerability |
| VU#218395 | CUPS integer overflow vulnerability |
|
Get Adobe Reader