The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 27 Mar 2015 | VU#591120 | Multiple SSL certificate authorities use email addresses as proof of domain ownership | Unknown
- 26 Mar 2015 | VU#930956 | Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem | CVE-2015-0932
- 20 Mar 2015 | VU#631788 | Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM | CVE-2015-0949
- 20 Mar 2015 | VU#894897 | NSIS Inetc plug-in fails to validate SSL certificates | CVE-2015-0941
- 17 Mar 2015 | VU#868948 | HP ArcSight contains multiple vulnerabilities | Unknown
- 16 Mar 2015 | VU#184100 | D-Link DAP-1320 Rev Ax is vulnerable to a command injection | CVE-2015-2050
- 16 Mar 2015 | VU#377348 | D-Link DCS-93xL model family allows unrestricted upload | CVE-2015-2049
- 10 Mar 2015 | VU#794095 | Telerik Analytics Monitor Library allows DLL hijacking | CVE-2015-0978
- 06 Mar 2015 | VU#243585 | SSL/TLS implementations accept export-grade RSA keys (FREAK attack) | Unknown
- 03 Mar 2015 | VU#302668 | ShareLaTeX vulnerable to remote command execution and information disclosure | Multiple CVEs