Welcome to the US-CERT Vulnerability Notes DatabaseUS-CERT publishes information about a wide variety of vulnerabilities. Vulnerabilities that meet a certain severity threshold are described in US-CERT Technical Alerts. It is difficult, however, to measure the severity of a vulnerability in a way that is appropriate for all users. For example, a severe vulnerability in a rarely used application might not qualify for publication as a technical alert but might be very important to a system administrator who runs the vulnerable application. US-CERT Vulnerability Notes provide a way to publish information about these less-severe vulnerabilities.
Vulnerability notes include technical descriptions of the vulnerability, as well as the impact, solutions and workarounds, and lists of affected vendors. You can search the vulnerability notes database, or you can browse by several key fields. Help is available for customizing search queries and view features. You can customize database queries to obtain specific information, such as the ten most recently updated vulnerabilities or the twenty vulnerabilities with the highest severity metric.
We also offer an Atom feed that lists the 30 most recently published vulnerability notes.
Communicating with usTo report a vulnerability, please use the CERT Vulnerability Reporting Form. Alternatively, you can send us email with as much information as you can provide. To protect sensitive, non-public vulnerability information, please encrypt to the US-CERT and CERT PGP keys.
To provide feedback about a vulnerability note, please send email with the appropriate VU# number(s) in the subject line.
We appreciate your comments and suggestions.
|
 |
|
Search Vulnerability Notes |
| |
Recent Vulnerability Notes
|
| VU#732115 | Project Open cross-site scripting vulnerability |
| VU#410281 | Apple Mac OS X CoreText embedded font vulnerability |
| VU#403593 | Apple Mac OS X ATS data-font memory corruption vulnerability |
| VU#763355 | 802.1X password exploit on many HTC Android devices |
| VU#470151 | Linux Kernel local privilege escalation via SUID /proc/pid/mem write |
| VU#738961 | Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser |
| VU#659515 | Wibu-Systems CodeMeter remote denial of service vulnerability |
| VU#903934 | Hash table implementations vulnerable to algorithmic complexity attacks |
| VU#723755 | WiFi Protected Setup (WPS) PIN brute force vulnerability |
| VU#209659 | Unbound multiple denial-of-service vulnerabilities |
|
|
