The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 15 Feb 2017VU#614751Hughes satellite modems contain multiple vulnerabilitiesMultiple CVEs
- 08 Feb 2017VU#745607Accellion FTP server contains information exposure and cross-site scripting vulnerabilitiesMultiple CVEs
- 02 Feb 2017VU#867968Microsoft Windows SMB Tree Connect Response denial of service vulnerabilityCVE-2017-0016
- 31 Jan 2017VU#167623SHDesigns Resident Download Manager does not authenticate firmware downloadsCVE-2016-6567
- 27 Jan 2017VU#909240Cisco WebEx web browser extension allows arbitrary code executionCVE-2017-3823
- 13 Jan 2017VU#865216CodeLathe FileCloud is vulnerable to cross-site request forgeryCVE-2016-6578
- 10 Jan 2017VU#767208ThreatMetrix SDK for iOS fails to validate SSL certificatesCVE-2017-3182
- 03 Jan 2017VU#475907ShoreTel Mobility Client mobile application does not verify SSL certificatesCVE-2016-6562
- 13 Dec 2016VU#535111McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerabilityUnknown
- 13 Dec 2016VU#779243EpubCheck 4.0.1 contains a XML external entity processing vulnerabilityCVE-2016-9487