Archive 09/24/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 142183 | 7.7 | 7.7 | ONTAP Select Deploy Administration Utility Plaintext weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5505 |
| 142182 | 8.5 | 8.3 | ONTAP Select Deploy Administration Utility HTTP Service privilege escalation | $0-$5k | $0-$5k | Not Defined | Workaround | CVE-2019-5504 |
| 142181 | 5.4 | 5.4 | E2fsprogs Quota File Out-of-Bounds memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5094 |
| 142180 | 6.0 | 5.7 | Dell EMC Update Package Framework privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-3726 |
| 142179 | 8.5 | 8.3 | vBulletin widget_php Remote Code Execution | $0-$5k | $0-$5k | Functional | Not Defined | CVE-2019-16759 |
| 142178 | 6.4 | 6.4 | RIOT MQTT Server NULL Pointer Dereference denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16754 |
| 142177 | 5.2 | 5.2 | Devise Token Auth Callback Controller fallback_render Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16751 |
| 142176 | 5.2 | 4.9 | Joomla CMS Default Template cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16725 |
| 142175 | 8.5 | 8.5 | File Sharing Wizard Exception Code Execution memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16724 |
| 142174 | 8.5 | 8.5 | Suricata Options decode-ipv4.c IPV4OptValidateTimestamp memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16411 |
| 142173 | 8.2 | 8.2 | Suricata Fragmented Packet defrag.c Defrag4Reassemble memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16410 |
| 142172 | 8.2 | 8.2 | Suricata SSLv3 app-layer-ssl.c TLSDecodeHSHelloExtensions memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15699 |
| 142171 | 7.4 | 7.4 | SICK FX0-GPNT00000/FX0-GENT00000 memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14753 |
| 142170 | 5.3 | 5.3 | NXP Kinetis KV1x/Kinetis KV3x/Kinetis K8x Access Control privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14239 |
| 142169 | 5.3 | 5.3 | STMicroelectronics STM32F7 Proprietary Code Read Out Protection privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14238 |
| 142168 | 7.2 | 7.2 | BlueStacks Virtual Machine privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14220 |
| 142167 | 4.3 | 4.3 | Niagara AX Utility privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-13528 |
| 142166 | 7.0 | 7.0 | Rockwell Automation Arena Simulation Software Cat. 9502-Ax Arena File Uninitialized Memory memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-13527 |
| 142165 | 6.4 | 6.4 | QEMU LSI SCSI Adapter Emulator lsi_execute_script() Loop denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-12068 |
| 142164 | 5.5 | 5.5 | IBM Security Key Lifecycle Manager Credentials weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-4566 |
| 142163 | 4.3 | 4.3 | IBM Security Key Lifecycle Manager cross site request forgery | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-4515 |
| 142162 | 8.5 | 8.5 | wolfSSL ASN.1 Certificate asn.c CheckCertSignature_ex Heap-based memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16748 |
| 142161 | 8.5 | 8.2 | Linux Kernel Beacon Head nl80211.c validate_beacon_head memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-16746 |
| 142160 | 6.5 | 6.3 | pam-python privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16729 |
| 142159 | 5.4 | 5.1 | DOMPurify cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16728 |
| 142158 | 7.7 | 7.4 | Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16383 |
| 142155 | 7.8 | 7.8 | Total Defense Anti-Virus caschelp.exe Code Execution | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-13357 |
| 142154 | 6.5 | 6.5 | Total Defense Anti-Virus Access Control AMRT.exe privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-13356 |
| 142153 | 6.5 | 6.5 | Total Defense Anti-Virus Access Control ccschedulersvc.exe privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-13355 |
| 142143 | 6.7 | 6.4 | CoreOS Tectonic Grafana Web Application Default Credentials weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2018-9090 |
| 142141 | 3.7 | 3.6 | TLS Protocol/DTLS Protocol MAC Check Lucky Thirteen weak encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2013-0169 |
