CVEdetails.com the ultimate security vulnerability data source

How does it work?

  • Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Some of the published vulnerabilities may be missing in our database. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All content is provided as is. All other trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov FOR A COMPLETE LIST OF CVE VULNERABILITIES PUBLISHED BY NVD
    The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
  • All data are taken from XML feeds provided by NVD (National Vulnerability Database) at http://nvd.nist.gov/download.cfm#RSS
  • Vulnerability types are determined using keyword matching and CWE numbers. Vulnerability type information should be treated as additional information only; it may not be reliable.
  • Please Note: CVE data have inconsistencies which affect the accuracy of data displayed on www.cvedetails.com. For example, a single product might have been defined with several different names. If a product is defined with different names in CVE data, then they will be treated as different products by www.cvedetails.com. For example, vulnerabilities related to Oracle Database 10g might have been defined for products "Oracle Database", "Oracle Database10g", "Database10g", "Oracle 10g" and similar. Or a PHP vulnerability might have been defined for Fedora Linux 10, so the number of vulnerabilities and the statistics are only as accurate as the CVE data. Please make sure that you manually verify all data before using.
    If you think that there are inconsistencies or errors in data published by this site that do not exist in NVD vulnerability XML feeds, please contact admin @ [this domain].

Technical details, limitations

  • Only exact versions listed as "vulnerable products" in NVD XML feeds are listed as vulnerable. Due to data inconsistencies, some vulnerable versions may be missing. Vulnerable configurations listed for vulnerabilities are not always consistent with the vulnerable software listed in CVE definitions.
  • Vendor names, product names and version numbers are not consistent in NVD feeds. For example, some products are listed with several names, like Adobe Reader and Adobe Acrobat Reader, or IE and Internet Explorer. So some of the vulnerabilities are reported for IE while others are reported for Internet Explorer. Make sure that you manually verify that you have checked all possible names for a product.
  • It's even worse for version numbers, edition numbers, etc.
  • Vulnerability conditions defined in NVD XML feeds are ignored if they just list products listed in the vulnerable software section. For example:
    So are both Tivoli Access Manager and Sun Java System Identity Manager really vulnerable, or is Sun Identity Manager vulnerable only when used with Tivoli Access Manager? If Tivoli Access Manager itself is not vulnerable, why is it listed in the vulnerable software section?
  • As an example of data inconsistencies, here is a list of some of the Microsoft products defined as "Operating Systems": "Windows srv", "Office System", "Gdiplus", "Windows 286", "Windows 386"...
  • Rejected CVE entries and duplicate entries in XML feeds (there are some duplicate entries in NVD XML feeds) are not included in our database. Because of that, the number of CVE vulnerabilities on this site and on the NVD web site may be different. Note: There are some rejected vulnerabilities that could make their way into our database, but you can ignore them.
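
The product-name inconsistencies described in the notes above (Oracle Database, Adobe Reader, IE) split one product's vulnerabilities across several names. The following is an added example, not code from this site or from NVD: it compares per-name counts with alias-merged counts and flags unmapped near-duplicates for manual review. The alias table, the placeholder CVE IDs and the 0.8 similarity threshold are assumptions.

```python
from collections import Counter
from difflib import SequenceMatcher

# Hand-maintained alias table (assumption: NVD ships no such mapping).
# "oracle database10g" is deliberately left out to show the review step.
ALIASES = {
    "ie": "internet explorer",
    "adobe acrobat reader": "adobe reader",
    "database10g": "oracle database",
    "oracle 10g": "oracle database",
}

# Constructed records: placeholder IDs paired with product names quoted on this page.
RECORDS = [
    ("CVE-0000-0001", "IE"),
    ("CVE-0000-0002", "Internet Explorer"),
    ("CVE-0000-0003", "Adobe Reader"),
    ("CVE-0000-0004", "Adobe Acrobat Reader"),
    ("CVE-0000-0005", "Oracle Database"),
    ("CVE-0000-0006", "Oracle Database10g"),
    ("CVE-0000-0007", "Database10g"),
    ("CVE-0000-0008", "Oracle 10g"),
]

def canonical(name):
    """Lower-case, collapse whitespace, then apply the alias table."""
    key = " ".join(name.lower().split())
    return ALIASES.get(key, key)

def exact_counts(records):
    """Counts per literal product string: every spelling is its own product."""
    return Counter(product for _, product in records)

def merged_counts(records):
    """Counts per canonical product after alias mapping."""
    return Counter(canonical(product) for _, product in records)

def review_candidates(records, threshold=0.8):
    """Pairs of distinct canonical names similar enough to need a manual check."""
    names = sorted({canonical(product) for _, product in records})
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if SequenceMatcher(None, a, b).ratio() >= threshold]

if __name__ == "__main__":
    print(exact_counts(RECORDS))
    print(merged_counts(RECORDS))
    print(review_candidates(RECORDS))
```

String similarity only catches spellings that resemble each other; a name like "IE" never scores close to "Internet Explorer", so the alias table still has to be built and checked by hand.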

Rating System

A rating system is used to rate CVE references and user comments. It is similar to those used by sites like www.wowhead.com. Items will be colored according to their ratings, using the colors and meanings listed below. Items with poor ratings will fade out, while others have more attractive colors.
  • Light Grey : Junk
  • Dark Grey : Useless
  • Black : Average
  • Green : Better than average
  • Blue : Rare
  • Purple : Epic
  • Orange : Legendary
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.