The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 05 Sep 2018 | VU#598349 | Automatic DNS registration and proxy autodiscovery allow spoofing of network services | Unknown
- 27 Aug 2018 | VU#906424 | Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface | CVE-2018-8440
- 21 Aug 2018 | VU#332928 | Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities | CVE-2018-16509
- 15 Aug 2018 | VU#982149 | Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF) | Multiple CVEs
- 14 Aug 2018 | VU#787952 | Android and iOS apps contain multiple vulnerabilities | Multiple CVEs
- 14 Aug 2018 | VU#857035 | IKEv1 Main Mode vulnerable to brute force attacks | CVE-2018-5389
- 14 Aug 2018 | VU#641765 | Linux kernel IP fragment re-assembly vulnerable to denial of service | CVE-2018-5391
- 06 Aug 2018 | VU#962459 | TCP implementations vulnerable to Denial of Service | Multiple CVEs
- 03 Aug 2018 | VU#307144 | mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR | CVE-2018-5392
- 23 Jul 2018 | VU#304725 | Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange | CVE-2018-5383