The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 29 Apr 2016 | VU#505560 | Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities | Multiple CVEs
- 27 Apr 2016 | VU#718152 | NTP.org ntpd contains multiple vulnerabilities | Multiple CVEs
- 25 Apr 2016 | VU#229047 | Allround Automations PL/SQL Developer v11 performs updates over HTTP | CVE-2016-2346
- 22 Apr 2016 | VU#822980 | SysLINK M2M Modular Gateway contains multiple vulnerabilities | Multiple CVEs
- 22 Apr 2016 | VU#267328 | HP Data Protector does not perform authentication and contains an embedded SSL private key | CVE-2016-2004
- 12 Apr 2016 | VU#813296 | Microsoft Windows and Samba may allow spoofing of authenticated users ("Badlock") | Multiple CVEs
- 07 Apr 2016 | VU#615456 | Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access | CVE-2016-2354
- 30 Mar 2016 | VU#344432 | Patterson Dental Eaglesoft uses a hard-coded database password across installations | CVE-2016-2343
- 28 Mar 2016 | VU#732760 | Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability | CVE-2016-2344
- 25 Mar 2016 | VU#319816 | npm fails to restrict the actions of malicious npm packages | Unknown