The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 04 May 2017 | VU#556600 | Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates | CVE-2017-3212
- 04 May 2017 | VU#276408 | Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates | CVE-2017-3213
- 02 May 2017 | VU#491375 | Intel Active Management Technology (AMT) does not properly enforce access control | CVE-2017-5689
- 25 Apr 2017 | VU#219739 | Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation | CVE-2017-3210
- 17 Apr 2017 | VU#676632 | IBM Lotus Domino server mailbox name stack buffer overflow | CVE-2017-1274
- 11 Apr 2017 | VU#334207 | DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP | CVE-2017-3209
- 10 Apr 2017 | VU#921560 | Microsoft OLE URL Moniker improperly handles remotely-linked HTA data | CVE-2017-0199
- 04 Apr 2017 | VU#307983 | Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references | Multiple CVEs
- 31 Mar 2017 | VU#507496 | GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed | Multiple CVEs
- 28 Mar 2017 | VU#342303 | Pandora iOS app does not properly validate SSL certificates | CVE-2017-3194