The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 05 Dec 2013, VU#268662: NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability (CVE-2013-6039)
- 03 Dec 2013, VU#346278: AT&T Connect Participant Application for Windows v9.5.35 contains a stack-based buffer overflow vulnerability (CVE-2013-6029)
- 02 Dec 2013, VU#346982: EMC Document Sciences xPression contains multiple vulnerabilities (Multiple CVEs)
- 22 Nov 2013, VU#893462: Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability (CVE-2013-5912)
- 18 Nov 2013, VU#295276: Adobe ColdFusion is vulnerable to cross-site scripting via the logviewer directory (CVE-2013-5326)
- 14 Nov 2013, VU#466876: EMC Documentum Product Suite version 6.7 contains a DOM based cross-site scripting vulnerability (CVE-2013-3281)
- 07 Nov 2013, VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable (CVE-2007-6755)
- 07 Nov 2013, VU#596990: IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability (CVE-2013-5431)
- 04 Nov 2013, VU#436214: Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution (CVE-2013-3626)
- 31 Oct 2013, VU#450646: Tiki Wiki CMS Groupware version 11.0 contains a cross-site scripting (XSS) vulnerability (CVE-2013-6022)