The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 16 Aug 2016 | VU#294272 | ReadyDesk contains multiple vulnerabilities | Multiple CVEs
- 15 Aug 2016 | VU#905344 | HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected | Unknown
- 12 Aug 2016 | VU#301735 | ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials | Multiple CVEs
- 11 Aug 2016 | VU#332115 | D-Link routers contain buffer overflow vulnerability | CVE-2016-5681
- 08 Aug 2016 | VU#735416 | UltraVNC repeater does not restrict IP addresses or ports by default | CVE-2016-5673
- 04 Aug 2016 | VU#877625 | Proxy auto-config (PAC) files have access to full HTTPS URLs | Multiple CVEs
- 04 Aug 2016 | VU#856152 | NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities | Multiple CVEs
- 01 Aug 2016 | VU#603047 | Crestron AirMedia AM-100 contains multiple vulnerabilities | Multiple CVEs
- 01 Aug 2016 | VU#974424 | Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities | Multiple CVEs
- 29 Jul 2016 | VU#217871 | Intel CrossWalk project does not validate SSL certificates after first acceptance | CVE-2016-5672