Archive 10/14/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Illustrating the assignment of these categories helps to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 143950 | 6.3 | 5.2 | ajenti API privilege escalation | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | |
| 143478 | 5.3 | 5.1 | Dell ImageAssist Image information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-3767 |
| 143477 | 6.4 | 6.1 | ncurses terminfo Library comp_hash.c fmt_entry memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17595 |
| 143476 | 7.5 | 7.2 | ncurses terminfo Library comp_hash.c _nc_find_entry memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17594 |
| 143475 | 6.5 | 6.5 | JIZHICMS adminadd.html cross site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17593 |
| 143474 | 6.4 | 6.1 | csv-parse Module Regular Expression __isInt() denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17592 |
| 143473 | 4.4 | 4.0 | NCH Express Invoice Quotes cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | CVE-2019-16282 |
| 143472 | 6.2 | 6.2 | JSS CryptoManager OCSP Policy Man-in-the-Middle weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14823 |
| 143471 | 6.5 | 5.9 | Ubisoft Uplay Permission privilege escalation | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | CVE-2019-14737 |
| 143470 | 8.6 | 8.6 | AutoPi Device weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-12941 |
| 143469 | 8.5 | 8.5 | D-Link DIR-880L/DIR-895 fileaccess.cgi memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2017-14948 |
| 143468 | 8.8 | 7.9 | sudo Runas Restriction privilege escalation | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | CVE-2019-14287 |
| 143467 | 6.5 | 6.5 | CloudCTI HIP Integrator Recognition Configuration Tool EXQUISE privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-9745 |
| 143466 | 3.7 | 3.7 | IBM FileNet Content Manager Log File Credentials information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-4572 |
| 143465 | 6.4 | 6.4 | idreamsoft iCMS Comment denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17583 |
| 143464 | 8.5 | 8.5 | tonyy dormsystem admin.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17580 |
| 143463 | 5.2 | 4.9 | Sonarsource SonarQube Project Link cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17579 |
| 143462 | 6.7 | 6.7 | WBCE CMS File Renaming Filter rename.php privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17575 |
| 143461 | 8.2 | 7.8 | Popup Maker Plugin do_action privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17574 |
| 143460 | 8.5 | 8.5 | MetInfo sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17553 |
| 143459 | 8.5 | 8.5 | idreamsoft iCMS spider_project.admincp.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17552 |
| 143458 | 6.4 | 6.2 | D-Link DIR-412 Web Interface log_get.php information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-17511 |
| 143457 | 8.5 | 8.5 | ZZZCMS zzzphp zzz_template.php parserIfLabel Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17408 |
| 143456 | 7.8 | 7.8 | BMC Patrol Agent privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17044 |
| 143455 | 6.5 | 6.5 | BMC Patrol Agent best1collect.exe privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17043 |
| 143454 | 7.8 | 7.8 | ESET Cyber Security Scheduled Task privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16519 |
| 143453 | 5.7 | 5.7 | ScadaBR Login Form login.htm cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16344 |
| 143452 | 6.4 | 6.0 | Nostromo nhttpd SSL_accept directory traversal | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | CVE-2019-16279 |
| 143451 | 8.5 | 8.5 | Nostromo nhttpd http_verify directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16278 |
| 143450 | 5.0 | 5.0 | Ansible Engine/Tower information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14858 |
| 143449 | 4.7 | 4.5 | wildfly-core privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-14838 |
| 143448 | 5.2 | 5.2 | OX App Suite cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14227 |
| 143447 | 7.2 | 7.2 | OX App Suite Permission privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14226 |
| 143446 | 5.9 | 5.9 | OX App Suite Server-Side Request Forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14225 |
| 143445 | 7.5 | 7.2 | ImageMagick draw.c TraceBezier memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17547 |
| 143444 | 7.5 | 7.5 | LibTIFF RGBA Image tif_getimage.c memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17546 |
| 143443 | 8.5 | 8.5 | GDAL ogr_expat.cpp OGRExpatRealloc memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17545 |
| 143442 | 8.2 | 7.8 | GNU Aspell getdata.cpp unescape memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17544 |
| 143441 | 7.7 | 7.3 | LZ4 LZ4_write32 memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17543 |
| 143440 | 8.5 | 8.2 | FFmpeg vqavideo.c vqa_decode_init memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17542 |
