Archive 11/18/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 145937 | 6.0 | 5.7 | NVIDIA NVFlash memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-5688 |
| 145936 | 5.7 | 5.7 | OpenWrt ustream-ssl Man-in-the-Middle weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5102 |
| 145935 | 5.7 | 5.7 | OpenWrt ustream-ssl __ustream_ssl_poll Man-in-the-Middle weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5101 |
| 145934 | 7.7 | 7.7 | ZTE C520V21 Web Service weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-3424 |
| 145933 | 6.3 | 6.3 | ZTE C520V21 URL directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-3423 |
| 145932 | 7.5 | 7.5 | PHICOMM K2 autoupgrade.lua privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19117 |
| 145931 | 8.5 | 8.5 | newbee-mall NewBeeMallGoodsMapper.xml sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19113 |
| 145930 | 4.8 | 4.8 | Octopus Server Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19085 |
| 145929 | 5.3 | 5.3 | Octopus Deploy Package privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19084 |
| 145928 | 4.5 | 4.4 | Norton App Lock privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-18373 |
| 145927 | 6.5 | 6.5 | Comodo Internet Security Signature Validation signmgr.dll privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-18215 |
| 145926 | 6.4 | 6.4 | Micro Focus Operations Agent XML Data XML External Entity | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17085 |
| 145925 | 6.9 | 6.9 | Footy Tipping Software AFL Web Edition File Upload Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17058 |
| 145924 | 5.2 | 5.2 | Footy Tipping Software AFL Web Edition cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17057 |
| 145923 | 5.7 | 5.4 | Mailbird HTML Mail Message cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-15054 |
| 145922 | 7.0 | 7.0 | Social Photo Gallery plugin Album Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-14467 |
| 145921 | 6.5 | 6.3 | Apache Shiro Configuration Padding weak encryption | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-12422 |
| 145920 | 8.5 | 8.3 | Apache Solr Configuration File solr.in.sh privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-12409 |
| 145918 | 5.2 | 5.2 | Sandline Centraleyezer File Upload Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-12311 |
| 145917 | 5.2 | 5.2 | Sandline Centraleyezer Category Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-12299 |
| 145916 | 8.5 | 8.5 | Sandline Centraleyezer File Upload privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-12271 |
| 145915 | 5.5 | 5.5 | elliptic-php Private Key Elliptic-Curve information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-10764 |
| 145914 | 6.4 | 6.1 | Pimcore pimcore sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-10763 |
| 145913 | 5.7 | 5.7 | Codehaus jackson-mapper-asl XML Data XML External Entity | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-10172 |
| 145912 | 5.2 | 5.2 | Apache Atlas Search Stored cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-10070 |
| 145911 | 6.4 | 6.4 | Plex Media Server Access Control privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2018-21031 |
| 145910 | 8.5 | 8.2 | Raritan CommandCenter Secure Gateway XML Data XML External Entity | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2018-20687 |
| 145909 | 6.6 | 6.6 | BlackBoard Learn bb-auth-provider-cas Authentication Module spoofing | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2018-13257 |
| 145908 | 5.1 | 4.9 | TBOOT Boot Loader loader.c privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2014-5118 |
| 145907 | 5.7 | 5.4 | Jenkins CI Game Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2012-4441 |
| 145906 | 5.7 | 5.4 | Jenkins Violations Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2012-4440 |
| 145905 | 5.7 | 5.4 | Jenkins URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2012-4439 |
| 145904 | 7.5 | 7.2 | Jenkins privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2012-4438 |
| 145903 | 9.8 | 9.8 | Distributed Ruby instance_eval unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2011-5331 |
| 145902 | 9.8 | 9.8 | Distributed Ruby Syscall unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2011-5330 |
| 145901 | 6.5 | 6.3 | Iceweasel-firegpg Temp File Symlink privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2008-7273 |
| 145900 | 6.4 | 6.1 | Linux Kernel dc clock_source_create() Memory Leak denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-19083 |
| 145899 | 6.4 | 6.4 | Linux Kernel dc create_resource_pool() Memory Leak denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-19082 |
| 145898 | 6.4 | 6.1 | Linux Kernel main.c nfp_flower_spawn_vnic_reprs() Memory Leak denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-19081 |
| 145897 | 6.4 | 6.1 | Linux Kernel main.c nfp_flower_spawn_phy_reprs() Memory Leak denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-19080 |
