Archive 09/05/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1413266.56.3Google Android zygote.java readArgumentList command injection$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-9254
1413256.96.9eFront LMS Login Page sql injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-5070
1413247.57.5eFront LMS Deserialization PHP Code Execution privilege escalation$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-5069
1413235.35.3Blynk-Library Packet Parser information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-5065
1413225.65.6IBM Intelligent Operations Center Password Policy weak authentication$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2019-4321
1413216.76.7IBM Jazz for Service Management Cache Header Injection privilege escalation$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2019-4186
1413204.74.7IBM Business Automation Workflow Web UI cross site scripting$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2019-4149
1413196.56.3Google Android Kernel binder.c binder_transaction Integer Overflow memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2181
1413185.45.2Google Android ipp.c ippSetValueTag Out-of-Bounds memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2180
1413175.45.2Google Android NDEF_MsgValidate Integer Overflow memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2179
1413166.56.3Google Android NFC Service rw_t4t_sm_read_ndef Out-of-Bounds memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2178
1413158.07.7Google Android Permission HidProfile.java isPreferred Code Execution memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2177
1413147.57.2Google Android ihevcd_parse_headers.c ihevcd_parse_buffering_period_sei Out-of-Bounds memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2176
1413136.56.3Google Android Permission SliceManagerService.java checkAccess privilege escalation$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2175
1413126.56.3Google Android SensorManager.cpp assertStateLocked Use-After-Free memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2174
1413114.44.2Google Android Email Attachment ComposeActivityEmailExternal.java ComposeActivityEmailExternal information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-2124
1413106.56.3Google Android Binder.java execTransact memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2123
1413096.56.3Google Android gatekeeper.cpp MintAuthToken Double-Free memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2019-2115
1413087.57.5Google Android ihevcd_ref_list.c ihevcd_ref_list Out-of-Bounds memory corruption$25k-$100k$25k-$100kNot DefinedNot Defined0.00CVE-2019-2108
1413074.44.4Google Assistant Permission information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-2103
1413066.46.4Total.js CMS Cookie weak authentication$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15955
1413058.68.6Total.js CMS Widget privilege escalation$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15954
1413047.57.5Total.js CMS API privilege escalation$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15953
1413037.57.5Total.js CMS directory traversal$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15952
1413028.88.4Nagios XI Web Interface privilege escalation$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-15949
1413015.05.0Bitcoin Core bitcoin-qt wallet.dat Memory weak encryption$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15947
1413006.96.6OpenSC asn1.c asn1_decode_entry Out-of-Bounds memory corruption$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-15946
1412996.96.6OpenSC ASN.1 asn1.c decode_bit_string Out-of-Bounds memory corruption$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-15945
1412984.84.6Counter-Strike: Global Offensive Community Game Server HTML Injection cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-15944
1412977.57.5FFmpeg h2645_parse.c h2645_parse Uninitialized Memory memory corruption$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15942
1412965.65.6OpenCV hog.cpp getDescriptorSize Divide-by-Zero denial of service$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15939
1412958.58.5Pengutronix Barebox nfs.c nfs_readlink_req memory corruption$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15938
1412948.58.5Pengutronix Barebox nfs.c nfs_readlink_reply memory corruption$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2019-15937
1412935.25.2JetBrains TeamCity cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-15848
1412927.57.5FusionPBX service_edit.php privilege escalation$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2019-15029
1412914.44.4Canon PRINT jp.co.canon.bsd.ad.pixmaprint Administrator Web Interface information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-14339
1412905.35.3Knowage ChangePwdServlet Page Username information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-14278
1412895.95.9Alfresco Community Edition Solr Configuration File Remote Code Execution$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-14224
1412888.58.5Alfresco Community Edition Web Admin Interface Default Key weak authentication$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-14222
1412876.06.0Smanos W100 privilege escalation$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2019-13361

Want to stay up to date on a daily basis?

Enable the mail alert feature now!