Archive 12/13/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 147215 | 5.7 | 5.7 | Huawei Product weak encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5291 |
| 147214 | 5.4 | 5.4 | Huawei S5700/S6700 denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5290 |
| 147213 | 5.4 | 5.1 | Huawei CampusInsight Gauss100 OLTP Database Out-of-Bounds denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-5278 |
| 147212 | 6.4 | 6.4 | Huawei CloudUSM-EUA information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5277 |
| 147211 | 3.5 | 3.5 | Huawei Mate 9 Applock information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5264 |
| 147210 | 5.4 | 5.4 | Huawei Y9/Honor View 20 TD-SCDMA Message Loop denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5260 |
| 147209 | 5.4 | 5.4 | Huawei eSpace U1981 memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5258 |
| 147208 | 5.4 | 5.4 | Huawei AP2000 Management privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5257 |
| 147207 | 4.4 | 4.4 | Huawei eSpace U1981 NULL Pointer Dereference denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5256 |
| 147206 | 5.9 | 5.9 | Huawei eSpace U1981 Out-of-Bounds memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5255 |
| 147205 | 8.4 | 8.4 | Huawei eSpace U1981 Message Out-of-Bounds memory corruption | $25k-$100k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5254 |
| 147204 | 5.7 | 5.5 | Huawei E5572-855 weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-5253 |
| 147202 | 4.9 | 4.9 | Huawei Smartphone directory traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-5251 |
| 147201 | 7.0 | 6.7 | Huawei Mate 20 Pro privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-5250 |
| 147200 | 6.0 | 6.0 | Huawei CloudEngine 12800 Memory Leak denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5248 |
| 147198 | 4.7 | 4.7 | IBM Case Manager Case Builder cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-4426 |
| 147197 | 6.5 | 6.5 | Yabasic Basic Source Code function.c myformat memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19796 |
| 147196 | 6.5 | 6.5 | Samurai Build File util.c canonpath memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19795 |
| 147195 | 5.7 | 5.5 | miekg Go DNS Random Number Generator privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-19794 |
| 147194 | 7.5 | 7.2 | Cyxtera AppGate SDP Client privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-19793 |
| 147193 | 8.5 | 8.5 | Telerik UI for ASP.NET AJAX RadChart directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19790 |
| 147192 | 7.0 | 7.0 | ATasm m65 File setparse.c get_signed_expression() memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19787 |
| 147191 | 7.0 | 7.0 | ATasm m65 File setparse.c parse_expr() memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19786 |
| 147190 | 7.0 | 7.0 | ATasm m65 File asm.c to_comma() memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19785 |
| 147189 | 8.0 | 8.0 | AceaXe Plus FTP Client memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19782 |
| 147188 | 7.5 | 7.5 | libsixel loader.c load_sixel memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19778 |
| 147187 | 7.5 | 7.5 | stb Image Loader stb_image.h stbi__load_main memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19777 |
| 147186 | 6.5 | 6.2 | Zoho ManageEngine EventLog Analyzer runquery.do information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-19774 |
| 147185 | 5.3 | 5.1 | Dovecot Push Notification Driver NULL Pointer Dereference denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-19722 |
| 147184 | 6.5 | 6.5 | VeraCrypt VeraCryptExpander.exe privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19501 |
| 147183 | 5.6 | 5.6 | Huawei Products weak encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-19397 |
| 147182 | 6.4 | 5.9 | Envoy Route Manager NULL Pointer Dereference denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-18838 |
| 147181 | 8.5 | 8.5 | Envoy HTTP Header privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-18802 |
| 147180 | 8.5 | 7.9 | Envoy Access Control Heap-based memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-18801 |
| 147179 | 5.2 | 4.9 | quiz-master-next Plugin quiz-options-page.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17599 |
| 147178 | 9.8 | 9.8 | Petwant PF-103/Petalk AI libcommon.so processCommandUploadLog() privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17364 |
| 147177 | 7.4 | 7.4 | eGain Web Email API 11+ Message email) privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17123 |
| 147176 | 6.6 | 6.1 | npm CLI Install Script privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16777 |
| 147175 | 6.6 | 6.1 | npm CLI Install Script privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16776 |
| 147174 | 6.6 | 6.1 | npm CLI Install Script Symlink privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16775 |
