The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 16 Apr 2014VU#495476Openfire contains an uncontrolled resource consumption vulnerabilityCVE-2014-0360
- 14 Apr 2014VU#657622Xangati software release contains relative path traversal and command injection vulnerabilitiesMultiple CVEs
- 14 Apr 2014VU#215284Artiva Agency Single Sign-On (SSO) feature vulnerabilityCVE-2014-0348
- 14 Apr 2014VU#437385PaperThin CommonSpot CMS contains multiple vulnerabilitiesUnknown
- 11 Apr 2014VU#901156PivotX 2.3.8 contains multiple vulnerabilitiesMultiple CVEs
- 11 Apr 2014VU#251628AMTELCO miSecureMessages Server insecurely authenticates clientsCVE-2014-0357
- 11 Apr 2014VU#667340Fortinet FortiADC D-series contains a cross-site scripting vulnerabilityCVE-2014-0331
- 11 Apr 2014VU#939260ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple vulnerabilitiesMultiple CVEs
- 10 Apr 2014VU#882841Microsoft Office file format converter memory corruption vulnerabilityCVE-2014-1757
- 08 Apr 2014VU#345337J2k-Codec contains multiple exploitable vulnerabilitiesCVE-2014-0349