Community

Number one vulnerability management and threat intelligence platform documenting and explaining vulnerabilities since 1970.

Vulnerability of the Day

Google Android sdp_server.cc process_service_attr_req out-of-bounds write

A vulnerability was found in Google Android 7/8/8.1/9. It has been classified as critical. Affected is the function process_service_attr_req of the file sdp_server.cc. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2018-9479. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Threat Intelligence

Our unique Cyber Threat Intelligence aims to determine the ongoing research of APT actors to anticipate their activities. The CTI team is mapping structures of countries and their relationships to identify tensions and possible attack scenarios. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and social media exchanges makes it possible to identify planned attacks. The Threat Intelligence Platform (TIP) illustrates the interest of cybercriminals and state actors in real-time.

Recent

The moderation team is monitoring different sources 24/7 for the disclosure of information about new or existing vulnerabilities. If a new issue is determined, additional data from other sources is collected and a new VulDB entry is created. This entry is then pushed to customers and the web site, and made accessible via API and social media accounts. Please use the submit feature to suggest new sources and entries.

Updates

If the moderation team detects changes to existing vulnerabilities, or new data about existing vulnerabilities is published, the old entries are updated. This happens as needed and on a regular basis, which maximizes data quality. Every entry contains a timestamp of the last update and a change log of updated fields. Please use the edit feature to commit updates to existing entries.

CVSS Current Top

Top vulnerabilities with the highest CVSSv3 temp scores at the moment. The score is generated from separate values which are called vectors. Those vectors define the structure of the vulnerability. They rely on attack prerequisites and impact. The calculated score ranges between 0.0 and 10.0, where a high value indicates a high risk. The main score is the base score, which analyses the structure of the vulnerability only. The extended score, called temp score, introduces time-based aspects like exploit and countermeasure availability. Our moderators classify every entry to generate a CVSS score that is as accurate as possible.

Exploit Price Current Top

Top vulnerabilities with the highest exploit price at the moment. These price estimations are calculated prices based on a mathematical algorithm. This algorithm was developed by our specialists over the years by observing the exploit market structure and exchange behavior of involved actors. It allows the prediction of generic prices by considering multiple technical aspects of the affected vulnerability. The more technical details are available, the higher the accuracy of the reproducible approximation.

Latest Exploits

Exploits are small tools or larger frameworks which help to exploit a vulnerability or even fully automate the exploitation. The development of exploits takes time and effort which is why an exploit market exists. By observing the market structure it is possible to determine current and to forecast future prices. This information might influence a risk assessment.

Latest Videos

Some researchers or news outlets provide videos discussing vulnerabilities, their possible exploitation or recommended countermeasures. Adding these videos to the vulnerability entries helps users to understand issues and how to address them properly. VulDB is linking to different external video sources and is therefore not responsible for their respective contents.