The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 27 Feb 2015VU#632140Multiple Toshiba products are vulnerable to trusted service path privilege escalationCVE-2015-0884
- 23 Feb 2015VU#366544Adtrustmedia PrivDog fails to validate SSL certificatesUnknown
- 19 Feb 2015VU#529496Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keysUnknown
- 13 Feb 2015VU#695940Henry Spencer regular expressions (regex) library contains a heap overflow vulnerabilityUnknown
- 13 Feb 2015VU#787252Microsoft Windows domain-configured client Group Policy fails to authenticate serversCVE-2015-0008
- 05 Feb 2015VU#377644Ektron Content Management System (CMS) contains multiple vulnerabilitiesMultiple CVEs
- 05 Feb 2015VU#669156Topline Systems Opportunity Form vulnerable to information disclosureUnknown
- 02 Feb 2015VU#522460SerVision HVG Video Gateway web interface contains multiple vulnerabilitiesMultiple CVEs
- 28 Jan 2015VU#967332GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflowCVE-2015-0235
- 23 Jan 2015VU#546340QPR Portal contains multiple vulnerabilitiesMultiple CVEs