The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 20 Oct 2016VU#404187Synology NAS servers contain insecure default credentialsCVE-2016-6554
- 20 Oct 2016VU#970379Green Packet DX-350 contains insecure default credentialsCVE-2016-6552
- 20 Oct 2016VU#200907Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentialsCVE-2016-6551
- 20 Oct 2016VU#326395Nuuo NT-4040 firmware contains insecure default credentialsCVE-2016-6553
- 17 Oct 2016VU#763843ASUS RP-AC52 contains multiple vulnerabilitiesMultiple CVEs
- 11 Oct 2016VU#396440MatrixSSL contains multiple vulnerabilitiesMultiple CVEs
- 04 Oct 2016VU#884840Animas OneTouch Ping insulin pump contains multiple vulnerabilitiesMultiple CVEs
- 30 Sep 2016VU#338624U by BB&T iOS banking application fails to properly validate SSL certificatesCVE-2016-6550
- 28 Sep 2016VU#706359Aternity version 9 vulnerable to cross-site scripting and remote code executionMultiple CVEs
- 13 Sep 2016VU#667480AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilitiesMultiple CVEs