Archive 12/11/2019

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories helps to determine which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous one.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects tend to decrease the exploit price over time; under certain circumstances this happens very fast.

ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
-------|------|------|---------------|------|-------|-----|-----|-----|----
147030 | 6.9 | 6.6 | Microsoft Visual Studio Git input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-1351
147020 | 7.5 | 7.5 | IBM Spectrum Scale command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-4715
147019 | 4.7 | 4.7 | IBM Spectrum Scale Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-4665
147018 | 8.5 | 8.2 | Blink XT2 Sync Module Network Configuration os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-3989
147017 | 8.0 | 7.7 | Blink XT2 Sync Module WiFi os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-3988
147016 | 8.0 | 7.7 | Blink XT2 Sync Module WiFi os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-3987
147015 | 8.0 | 7.7 | Blink XT2 Sync Module WiFi os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-3986
147014 | 8.0 | 7.7 | Blink XT2 Sync Module WiFi os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-3985
147013 | 7.1 | 6.8 | Blink XT2 Sync Module UART insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-3983
147012 | 7.4 | 7.4 | bson-objectid ObjectID input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-19729
147011 | 8.5 | 8.5 | sysstat sa_common.c check_file_actlst double free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19725
147010 | 7.5 | 7.2 | Zoho ManageEngine Applications Manager Agent.java sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2019-19650
147009 | 8.5 | 8.2 | Zoho ManageEngine Applications Manager SyncEventServlet.java doGet sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-19649
147008 | 6.4 | 6.4 | Xen VMX VMEntry Check input validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-19583
147007 | 5.1 | 5.1 | Xen Bit Iteration infinite loop | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19582
147006 | 5.1 | 5.1 | Xen Bit Iteration memory corruption | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-19581
147005 | 6.6 | 6.6 | Xen Incomplete Fix race condition | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2019-19580
147004 | 6.3 | 6.3 | Xen Pagetable input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-19578
147003 | 5.9 | 5.9 | Xen Pagetable input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19577
147002 | 7.8 | 7.4 | Squiz Matrix CMS File Upload form_question_type_file_upload.inc input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-19374
147001 | 7.4 | 7.1 | Squiz Matrix CMS page_remote_content.inc deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-19373
147000 | 7.3 | 7.3 | Symantec Messaging Gateway server-side request forgery | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-18379
146999 | 3.6 | 3.4 | Symantec Messaging Gateway cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-18378
146998 | 5.9 | 5.7 | Symantec Messaging Gateway privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-18377
146997 | 6.5 | 6.5 | Reliable Controls LicenseManager unquoted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-18245
146996 | 6.5 | 6.3 | Safenet Sentinel LDK License Manager Service link following | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-18232
146995 | 6.4 | 6.4 | Micro Focus AcuToWeb File Download information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-17087
146994 | 5.3 | 5.1 | Atlassian FishEye/Crucible removeStarAjax.do authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-15009
146993 | 5.7 | 5.4 | Atlassian FishEye/Crucible branchreview cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-15008
146992 | 3.7 | 3.6 | Atlassian FishEye/Crucible Branch cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-15007
146991 | 5.8 | 5.8 | Linux/FreeBSD/OpenBSD/MacOS/iOS/Android VPN channel accessible | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2019-14899
146990 | 4.5 | 4.5 | wolfSSL/wolfCrypt DSA Nonce Generator dsa.c Key missing encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-14317
146989 | 6.6 | 6.3 | enshrined svg-sanitize cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-10772
146986 | 6.4 | 6.1 | SAP Enable Now User information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-0405
146985 | 6.4 | 6.1 | SAP Enable Now Error Message information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-0404
146984 | 8.5 | 8.2 | SAP Enable Now input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-0403
146983 | 3.8 | 3.7 | SAP Adaptive Server Enterprise information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-0402
146982 | 5.4 | 5.4 | SAP Project Management Project Dashboard information disclosure | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-0399
146981 | 6.1 | 5.9 | SAP BusinessObjects Business Intelligence Platform cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-0398
146980 | 4.4 | 4.3 | SAP BusinessObjects Business Intelligence Platform Fiori BI Launchpad Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-0395