Archive 09/11/2019

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Grouping entries by these categories shows which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. It makes it possible to assess a homogeneous landscape, or to identify the most important hotspots in a heterogeneous one.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation, such as an official fix from the vendor, a temporary fix, or a workaround, each of which affects risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, whether for academic purposes or for personal gain. The level and quality of exploitability (whether an exploit is unproven, a proof of concept, functional, or known to be in use) indicate how simple and how powerful an attack is.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score captures the intrinsic properties of a vulnerability that are constant over time and across user environments: attack vector, attack complexity, privileges required, user interaction, scope, and the impact on confidentiality, integrity, and availability. Our meta score merges all available scores from different sources into a single, more reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level, and report confidence. Each of these multiplies the base score by a factor of at most 1, so a temporal score is always equal to or lower than the base score. We also provide our meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to estimate prices for exploits. Our algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are calibrated against prices disclosed by vulnerability brokers and compared with the prices we observe on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price does reflect factors such as the disclosure of vulnerability details, the availability of alternative exploits, and the availability of countermeasures. These dynamic aspects tend to lower an exploit's price over time, and under certain circumstances they do so very quickly.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CVE |
|---|---|---|---|---|---|---|---|---|
| 141700 | 4.8 | 4.8 | Trend Micro Security Manager/Vulnerability Protection XML Data XML External Entity | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-9488 |
| 141699 | 6.9 | 6.6 | JIRA makeRequest JiraWhitelist Server-Side Request Forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-8451 |
| 141698 | 3.7 | 3.6 | JIRA Optimization Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-8450 |
| 141697 | 5.3 | 5.1 | JIRA groupuserpicker information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-8449 |
| 141696 | 6.4 | 6.4 | Netgear N300 Host Access Point Daemon NULL Pointer Dereference denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-5055 |
| 141695 | 6.4 | 6.4 | Netgear N300 Session NULL Pointer Dereference denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-5054 |
| 141694 | 5.5 | 5.3 | Dell EMC RSA Identity Governance and Lifecycle Debug Log File Password information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-3763 |
| 141693 | 4.8 | 4.6 | Dell EMC RSA Identity Governance and Lifecycle Access Request Module Stored cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-3761 |
| 141692 | 7.5 | 7.2 | Dell EMC RSA Identity Governance and Lifecycle Back-End Database sql injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-3760 |
| 141691 | 7.2 | 6.8 | Dell EMC RSA Identity Governance and Lifecycle Groovy Script Code Injection privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-3759 |
| 141690 | 6.4 | 6.1 | McAfee Web Gateway Scanning Proxy denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-3644 |
| 141689 | 6.4 | 6.1 | McAfee Web Gateway Scanning Proxy denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-3643 |
| 141688 | 7.4 | 7.4 | Ocean Extra Plugin CSS wizard.php privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16250 |
| 141687 | 8.5 | 8.5 | OpenCV intrin_sse.hpp v_load memory corruption | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16249 |
| 141686 | 5.4 | 5.2 | Telegram Delete information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16248 |
| 141685 | 6.5 | 6.5 | Delta DCISoft User Mode SetSerializeData+0x000000000000001b memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16247 |
| 141684 | 7.4 | 7.1 | Dino MAM Message 0313_message_archive_management.vala privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16237 |
| 141683 | 7.4 | 7.1 | Dino Push Authorization module.vala privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16236 |
| 141682 | 7.5 | 7.2 | Dino Carbon Message 0280_message_carbons.vala privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16235 |
| 141681 | 6.4 | 6.4 | Linux Kernel trans.c denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16234 |
| 141680 | 6.4 | 6.4 | Linux Kernel qla_os.c denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16233 |
| 141679 | 6.4 | 6.4 | Linux Kernel if_sdio.c denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16232 |
| 141678 | 6.4 | 6.4 | Linux Kernel fjes_main.c denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16231 |
| 141677 | 6.4 | 6.4 | Linux Kernel radeon_display.c denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16230 |
| 141676 | 6.4 | 6.4 | Linux Kernel kfd_interrupt.c denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-16229 |
| 141675 | 6.4 | 6.4 | py-lmdb mdb_env_open2 denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16228 |
| 141674 | 8.5 | 8.5 | py-lmdb mdb_cursor_set memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16227 |
| 141673 | 7.4 | 7.4 | py-lmdb memmove mdb_node_del memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16226 |
| 141672 | 8.5 | 8.5 | py-lmdb memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16225 |
| 141671 | 8.5 | 8.5 | py-lmdb memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16224 |
| 141670 | 4.7 | 4.5 | WordPress Post Preview cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16223 |
| 141669 | 5.4 | 5.1 | WordPress URL kses.php wp_kses_bad_protocol_once cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16222 |
| 141668 | 5.4 | 5.1 | WordPress Dashboard Reflected cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16221 |
| 141667 | 6.6 | 6.3 | WordPress pluggable.php wp_validate_redirect Open Redirect | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16220 |
| 141666 | 5.4 | 5.1 | WordPress Shortcode Preview cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16219 |
| 141665 | 5.4 | 5.1 | WordPress Comment Stored cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16218 |
| 141664 | 5.4 | 5.1 | WordPress Media Upload cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16217 |
| 141663 | 6.5 | 6.5 | Micro-Star MSI Afterburner Driver RTCore64.sys Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16098 |
| 141662 | 5.4 | 4.7 | XWiki CryptPad Pad Management Logic denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-15302 |
| 141661 | 5.9 | 5.6 | JIRA cross site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-14998 |
