Vulnerability of the Day »

QEMU Host Controller Driver hcd-ohci.c stack-based buffer overflow

A vulnerability was found in QEMU 5.0.0 (Virtualization Software) and classified as critical. Affected by this issue is an unknown part of the file hw/usb/hcd-ohci.c of the component Host Controller Driver. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Threat Intelligence »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. The CTI team is mapping structures of countries and their relationships to identify tensions and possible attack scenarios. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and social media exchanges makes it possible to identify planned attacks. The Threat Intelligence Platform (TIP) illustrates the interest of cybercriminals and state actors in real-time.

Recent »

The moderation team is monitoring different sources 24/7 for the disclosure of information about new or existing vulnerabilitities. If a new issue is determined, additional data from other sources is collected and a new VulDB entry created. This entry is then pushed to customers, the web site and accessible via API and social media accounts. Please use the submit feature to suggest new sources and entries.

Updates »

If the moderation team detects changes of existing vulnerabilities or new data of existing vulnerabilities are getting published, the old entries will be updated. This happens if needed and on a regular basis which concludes in a maximum of data quality. Every entry contains a timestamp of the last update and a change log of updated fields. Please use the edit feature to commit updates to existing entries.

CVSS Current Top 5 »

Top vulnerabilities with the highest CVSSv3 temp scores at the moment. The score is generated by separate values which are called vectors. Those vectors define the structure of the vulnerability. They rely on attack prerequisites and impact. The calculated score ranges between 0.0 and 10.0 whereas a high value declares a high risk. The main score is the base score which analyses the structure of the vulnerability only. The extended score called temp score introduces time-based aspects like exploit and countermeasure availability. Our moderators classify every entry to generate a CVSS score as accurate as posible.

Exploit Price Current Top 5 »

Top vulnerabilities with the highest exploit price at the moment. These price estimations are calculated prices based on mathematical algorithm. This algorithm got developed by our specialists over the years by observing the exploit market structure and exchange behavior of involved actors. It allows the prediction of generic prices by considering multiple technical aspects of the affected vulnerability. The more technical details are available the higher the accuracy of the reproducable approximation.

Latest Exploits »

Exploits are small tools or larger frameworks which help to exploit a vulnerability or even fully automate the exploitation. The development of exploits takes time and effort which is why an exploit market exists. By observing the market structure it is possible to determine current and to forecast future prices. This information might influence a risk assessment.

Latest Videos »

Some resarcher or news outlet provide videos discussing vulnerabilities, their possible exploitation or recommended countermeasures. Adding these videos to the vulnerability entries helps users to understand issues and how to address them properly. VulDB is linking to different external video sources and is therefore not responsible for their respective contents.

Do you need the next level of professionalism?

Upgrade your account now!