Welcome to the US-CERT Vulnerability Notes DatabaseUS-CERT publishes information about a wide variety of vulnerabilities. Vulnerabilities that meet a certain severity threshold are described in US-CERT Technical Alerts. It is difficult, however, to measure the severity of a vulnerability in a way that is appropriate for all users. For example, a severe vulnerability in a rarely used application might not qualify for publication as a technical alert but might be very important to a system administrator who runs the vulnerable application. US-CERT Vulnerability Notes provide a way to publish information about these less-severe vulnerabilities.
Vulnerability notes include technical descriptions of the vulnerability, as well as the impact, solutions and workarounds, and lists of affected vendors. You can search the vulnerability notes database, or you can browse by several key fields. Help is available for customizing search queries and view features. You can customize database queries to obtain specific information, such as the ten most recently updated vulnerabilities or the twenty vulnerabilities with the highest severity metric.
We also offer an Atom feed that lists the 30 most recently published vulnerability notes.
Communicating with usTo report a vulnerability, please send us email with as much information as you can provide. For guidance, see the CERT® Coordination Center Product Vulnerability Reporting Form. To protect sensitive, non-public vulnerability information, please encrypt to the US-CERT and CERT/CC PGP keys.
To provide feedback about a vulnerability note, please send email with the appropriate VU# number(s) in the subject line.
We appreciate your comments and suggestions.
Last updated July 2, 2007
|
 |
|
Search Vulnerability Notes |
| |
Recent Vulnerability Notes
|
| VU#817940 | NetBSD malformed ICMPv6 MLD-QUERY denial of service |
| VU#612636 | Google SAML Single Sign on vulnerability |
| VU#914785 | SoftArtisans XFile FileManager ActiveX control stack buffer overflows |
| VU#343355 | Apache Tomcat UTF8 Directory Traversal Vulnerability |
| VU#938323 | Postfix local privilege escalation |
| VU#778427 | Intrinsic Swimage Encore does not securely manage login credentials |
| VU#661827 | Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow |
| VU#309739 | Microsoft Color Management System (MSCMS) module remote code execution |
| VU#663763 | Apache mod_proxy_ftp XSS vulnerability |
| VU#716387 | Oracle Weblogic Apache connector vulnerable to buffer overflow |
|
|
Get Adobe Reader 