The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 13 Sep 2017VU#101048Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerabilityCVE-2017-8759
- 12 Sep 2017VU#240311Multiple Bluetooth implementation vulnerabilities affect many devicesMultiple CVEs
- 08 Sep 2017VU#166743Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilitiesMultiple CVEs
- 06 Sep 2017VU#112992Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML dataCVE-2017-9805
- 29 Aug 2017VU#403768Akeo Consulting Rufus fails to update itself securelyCVE-2017-13083
- 03 Aug 2017VU#824672Microsoft Windows automatically executes code specified in shortcut filesCVE-2017-8464
- 27 Jul 2017VU#793496Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recencyMultiple CVEs
- 25 Jul 2017VU#838200Telerik Web UI contains cryptographic weaknessCVE-2017-9248
- 20 Jul 2017VU#586501Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor AccountMultiple CVEs
- 18 Jul 2017VU#547255Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflowCVE-2017-3223