The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 25 Nov 2015 | VU#566724 | Embedded devices use non-unique X.509 certificates and SSH host keys | Multiple CVEs
- 24 Nov 2015 | VU#925497 | Dell System Detect installs root certificate and private key (DSDTestProvider) | Unknown
- 24 Nov 2015 | VU#870761 | Dell Foundation Services installs root certificate and private key (eDellRoot) | Unknown
- 23 Nov 2015 | VU#428280 | CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities | Multiple CVEs
- 20 Nov 2015 | VU#419568 | ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities | Multiple CVEs
- 13 Nov 2015 | VU#576313 | Apache Commons Collections Java library insecurely deserializes data | Unknown
- 06 Nov 2015 | VU#438928 | Huawei HG532 routers contain a path traversal vulnerability | CVE-2015-7254
- 03 Nov 2015 | VU#391604 | ZTE ZXHN H108N R1A routers contain multiple vulnerabilities | Multiple CVEs
- 03 Nov 2015 | VU#866432 | Commvault Edge Server deserializes cookie data insecurely | CVE-2015-7253
- 02 Nov 2015 | VU#316888 | MobaXterm server may allow arbitrary command injection due to missing X11 authentication | CVE-2015-7244