The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 23 May 2018VU#338343strongSwan VPN charon server vulnerable to buffer underflowCVE-2018-5388
- 21 May 2018VU#180049CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacksMultiple CVEs
- 14 May 2018VU#122919OpenPGP and S/MIME mail client vulnerabilitiesMultiple CVEs
- 08 May 2018VU#631579Hardware debug exception documentation may result in unexpected behaviorCVE-2018-8897
- 03 May 2018VU#283803Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")CVE-2018-10229
- 10 Apr 2018VU#974272Microsoft Outlook retrieves remote OLE content without promptingCVE-2018-0950
- 29 Mar 2018VU#277400Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installedCVE-2018-1038
- 27 Mar 2018VU#184077Navarino Infinity web interface is affected by multiple vulnerabilities.Multiple CVEs
- 19 Mar 2018VU#306792Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisionsCVE-2018-5382
- 27 Feb 2018VU#475445Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversalMultiple CVEs