The CERT Coordination Center (CERT/CC) prioritizes coordination efforts on vulnerabilities that affect multiple vendors or that impact safety, critical or internet infrastructure, or national security. We also prioritize reports that affect sectors that are new to vulnerability disclosure.

Before reporting any vulnerabilities to the CERT Coordination Center (CERT/CC) and making them public, try contacting the vendor directly. Some vendors offer bug bounty programs. We recommend reading our vulnerability disclosure policy and guidance before submitting a vulnerability report.

CERT Guide to Coordinated Vulnerability Disclosure; CERT/CC's Vulnerability Disclosure Policy; Understanding the Coordination Process; How to Report a Vulnerability; Respond to a Vulnerability Report

2025年1月14日 · Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write,–safe-links bypass, and …

2025年1月30日 · During testing, the CERT/CC was able to replicate the jailbreak, but ChatGPT removed the prompt provided and stated that it violated usage policies. Nonetheless, ChatGPT would then proceed to answer the removed prompt. This activity was replicated several times in a …

CERT/CC Vulnerability Notes Database. Published Public Updated ID CVSS Title ; 2025-02-28 2025-03-01 2025-03-05 VU#726882 Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks 2025-02-11 2025-02-11 ...

Carnegie Mellon University Software Engineering Institute 4500 Fifth Avenue Pittsburgh, PA 15213-2612 412-268-5800

2024年12月11日 · The CERT/CC is creating this Vulnerability Note to advise and make users of PDQ Deploy aware of potential avenues of attack through the deploy service. System administrators that are using PDQ Deploy should employ LAPS to mitigate this vulnerability.

2024年4月10日 · CERT Addendum. This issue was identified by Microsoft in 2011 and continues to be a problem today. Thanks to a security researcher, the vulnerability is receiving greater attention and additional mitigation are being developed.

2025年1月14日 · Thanks to Martin Smolar of ESET for his responsible disclosure of this vulnerability to Howyar Technologies and other affected vendors. Thanks also to Howyar Technologies that closely worked with the researcher and CERT/CC to resolve this vulnerability. This document was written by Vijay Sarvepalli.