Archive 12/23/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCVE
1476886.46.1Check Point Endpoint Security Client Log File denial of service$0-$5k$0-$5kNot DefinedOfficial FixCVE-2019-8463
1476878.58.5upload-image-with-ajax File Upload Remote Code Execution$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-8293
1476868.58.5SonicWALL Email Security Appliance Remote Code Execution$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-7489
1476858.58.5SonicWALL Email Security Appliance Database Default Credentials weak authentication$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-7488
1476844.34.3F5 BIG-IP/BIG-IQ UCS Backup File information disclosure$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-6688
1476836.56.5F5 BIG-IP ASM Cloud Security Services Profile weak authentication$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-6687
1476825.35.3F5 BIG-IP Traffic Management Microkernel Flooding denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6686
1476816.56.5F5 BIG-IP iRule privilege escalation$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-6685
1476807.47.4F5 BIG-IP Virtual Clustered Multiprocessing privilege escalation$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-6684
1476796.46.4F5 BIG-IP Virtual Server FastL4 Profile denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6683
1476786.46.4F5 BIG-IP ASM Security Policy denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6682
1476776.46.4F5 BIG-IP Multicast Forwarding Cache Memory Leak denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6681
1476766.46.4F5 BIG-IP FastL4 Virtual Server denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6680
1476754.44.4F5 BIG-IP SCP Symlink privilege escalation$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-6679
1476745.35.3F5 BIG-IP Packet Filter Restart denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6678
1476736.46.4F5 BIG-IP TMM denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6677
1476726.46.4F5 BIG-IP TMM Restart denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-6676
1476716.26.0Forcepoint NGFW Security Management Center Configuration Database denial of service$0-$5k$0-$5kNot DefinedOfficial FixCVE-2019-6147
1476316.56.3VMware Workstation/Horizon View Agent DLL Loader privilege escalation$5k-$25k$0-$5kNot DefinedOfficial FixCVE-2019-5539
1476307.57.2Huawei Smart Phone memory corruption$5k-$25k$0-$5kNot DefinedOfficial FixCVE-2019-5276
1476294.44.4Huawei OceanStor SNS3096 Operation information disclosure$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-5267
1476286.46.4Huawei P30 Share denial of service$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-5266
1476276.46.4Huawei P30 Share information disclosure$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-5265
1476265.45.1Linux Kernel IAPP Location Update denial of service$0-$5k$0-$5kNot DefinedOfficial FixCVE-2019-5108
1476256.56.3Debian-edu-config ACL privilege escalation$0-$5k$0-$5kNot DefinedOfficial FixCVE-2019-3467
1476247.57.5ZTE ZXCLOUD GoldenData VAP weak encryption$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-3431
1476233.83.8ZTE ZXCLOUD GoldenData VAP information disclosure$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-3430
1476225.35.3ZTE ZXCLOUD GoldenData VAP Log File information disclosure$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-3429
1476206.46.4libIEC61850 ber_decode.c BerDecoder_decodeUint32 memory corruption$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-19944
1476195.45.4Red Hat Ceph Storage RADOS Gateway Daemon denial of service$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-19337
1476185.45.4F5 BIG-IP/BIG-IQ/iWorkflow/Enterprise Manager TMOS Shell privilege escalation$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-19151
1476173.83.8F5 BIG-IP APM Log information disclosure$5k-$25k$0-$5kNot DefinedNot DefinedCVE-2019-19150
1476165.45.4virglrenderer Command vrend_renderer.c vrend_renderer_transfer_write_iov memory corruption$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18391
1476155.55.5virglrenderer Command vrend_renderer.c vrend_blit_need_swizzle memory corruption$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18390
1476146.56.5virglrenderer vrend_renderer.c vrend_renderer_transfer_write_iov memory corruption$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18389
1476134.44.4virglrenderer Command vrend_renderer.c denial of service$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18388
1476126.56.5PLC Editor Project File memory corruption$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18236
1476118.58.5Equinox Control Expert sql injection$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18234
1476107.57.5Orckestra C1 CMS Deserialization Composite.dll EntityTokenSerializer Remote Code Execution$0-$5k$0-$5kNot DefinedNot DefinedCVE-2019-18211
1476098.58.5Apache Tomcat FORM Authentication Session Fixation weak authentication$5k-$25k$5k-$25kNot DefinedNot DefinedCVE-2019-17563

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!