The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 19 Dec 2014 | VU#561444 | Multiple broadband routers use vulnerable versions of Allegro RomPager | CVE-2014-9222
- 19 Dec 2014 | VU#852879 | Network Time Protocol daemon (ntpd) contains multiple vulnerabilities | Multiple CVEs
- 19 Dec 2014 | VU#1680209 | AppsGeyser generates Android applications that fail to properly validate SSL certificates | Unknown
- 18 Dec 2014 | VU#843044 | Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values | CVE-2014-8272
- 15 Dec 2014 | VU#343060 | CA LISA Release Automation contains multiple vulnerabilities | Multiple CVEs
- 15 Dec 2014 | VU#315340 | EMC Documentum products contain multiple vulnerabilities | Multiple CVEs
- 12 Dec 2014 | VU#659684 | Honeywell OPOS suite Stack Buffer Overflow vulnerability | CVE-2014-8269
- 09 Dec 2014 | VU#264212 | Recursive DNS resolver implementations may follow referrals infinitely | Multiple CVEs
- 05 Dec 2014 | VU#449452 | Zenoss Core contains multiple vulnerabilities | Multiple CVEs
- 18 Nov 2014 | VU#213119 | Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature | CVE-2014-6324