Archive 12/12/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 147156 | 7.5 | 7.5 | Apple Safari WebKit Use-After-Free memory corruption | $25k-$100k | $25k-$100k | Not Defined | Not Defined | CVE-2019-5144 |
| 147155 | 5.4 | 5.4 | Hostapd 802.11w Security State denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5062 |
| 147154 | 5.4 | 5.1 | Hostapd IAPP Location Update denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-5061 |
| 147153 | 8.5 | 8.2 | Advantech WebAccess Stack-based memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-3951 |
| 147152 | 7.5 | 7.5 | lodahs Backdoor privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19771 |
| 147151 | 7.4 | 7.4 | Linux Kernel inode.c debugfs_remov memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-19770 |
| 147150 | 7.4 | 7.4 | Linux Kernel lock.h perf_trace_lock_acquire memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-19769 |
| 147149 | 7.4 | 7.4 | Linux Kernel blktrace.c __blk_add_trace memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-19768 |
| 147148 | 5.4 | 5.2 | Linux Kernel inode.c ext4_xattr_set_entry memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-19767 |
| 147147 | 7.5 | 7.5 | Bitwarden Server weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19766 |
| 147146 | 8.5 | 8.3 | Siemens SiNVR 3 Central Control Server SFTP Service privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18342 |
| 147145 | 6.3 | 6.3 | Siemens SiNVR 3 Central Control Server weak authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-18341 |
| 147144 | 4.4 | 4.4 | Siemens SiNVR 3 Central Control Server Credentials weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-18340 |
| 147143 | 8.5 | 8.3 | Siemens SiNVR 3 Central Control Server HTTP Service weak authentication | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18339 |
| 147142 | 6.4 | 6.3 | Siemens SiNVR 3 Central Control Server XML Data directory traversal | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18338 |
| 147141 | 8.5 | 8.3 | Siemens SiNVR 3 Central Control Server XML Data weak authentication | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18337 |
| 147140 | 5.3 | 5.2 | Siemens SPPA-T3000 Application Server Service Port 80 information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18335 |
| 147139 | 5.3 | 5.2 | Siemens SPPA-T3000 Application Server Service Port 8090 Username information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18334 |
| 147138 | 5.3 | 5.2 | Siemens SPPA-T3000 Application Server Service Port 8090 Directory information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18333 |
| 147137 | 5.3 | 5.2 | Siemens SPPA-T3000 Application Server Web Services Directory information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18332 |
| 147136 | 5.3 | 5.2 | Siemens SPPA-T3000 Application Server Service Port 1099 information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18331 |
| 147135 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18330 |
| 147134 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18329 |
| 147133 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18328 |
| 147132 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18327 |
| 147131 | 7.5 | 7.4 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18326 |
| 147130 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18325 |
| 147129 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18324 |
| 147128 | 8.5 | 8.3 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18323 |
| 147127 | 8.2 | 8.0 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18322 |
| 147126 | 7.2 | 7.0 | Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18321 |
| 147125 | 7.4 | 7.4 | Siemens SPPA-T3000 Application Server File Upload privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-18320 |
| 147124 | 6.4 | 6.4 | Siemens SPPA-T3000 Application Server RMI denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-18319 |
| 147123 | 6.4 | 6.4 | Siemens SPPA-T3000 Application Server RMI denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-18318 |
| 147122 | 6.4 | 6.4 | Siemens SPPA-T3000 Application Server RMI denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-18317 |
| 147121 | 8.5 | 8.3 | Siemens SPPA-T3000 Application Server Service Port 1099 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18316 |
| 147120 | 8.5 | 8.3 | Siemens SPPA-T3000 Application Server Service Port 8888 Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Workaround | CVE-2019-18315 |
| 147119 | 8.5 | 8.5 | Siemens SPPA-T3000 Application Server RMI Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-18314 |
| 147118 | 8.5 | 8.5 | Siemens SPPA-T3000 MS3000 Migration Server RPC Service Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-18313 |
| 147117 | 5.3 | 5.2 | Siemens SPPA-T3000 MS3000 Migration Server RPC Service information disclosure | $5k-$25k | $0-$5k | Not Defined | Workaround | CVE-2019-18312 |
