Archive 02/04/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 149697 | 5.4 | 5.1 | Tutor LMS Plugin cross site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-8615 |
| 149696 | 6.4 | 6.1 | Squid Web Proxy NTLM Authentication ext_lm_group_acl denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-8517 |
| 149695 | 7.3 | 7.0 | Squid Web Proxy Reverse Proxy memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | CVE-2020-8450 |
| 149694 | 7.4 | 7.1 | Squid Web Proxy privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-8449 |
| 149693 | 8.5 | 8.5 | klona Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8125 |
| 149692 | 7.4 | 7.4 | url-parse Security Check privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8124 |
| 149691 | 3.8 | 3.8 | strapi Admin Console Restart denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8123 |
| 149690 | 5.3 | 5.3 | Nextcloud Server Expiration Date privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8122 |
| 149689 | 5.8 | 5.8 | Nextcloud Server information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8121 |
| 149688 | 5.2 | 5.2 | Nextcloud Server svg Generation Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8120 |
| 149687 | 4.3 | 4.3 | Nextcloud Server Preview information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8119 |
| 149686 | 6.2 | 6.2 | Nextcloud Server Calendar Application Server-Side Request Forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8118 |
| 149685 | 4.3 | 4.3 | Nextcloud Server Permission information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8117 |
| 149684 | 9.8 | 9.8 | dot-prop unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8116 |
| 149683 | 5.2 | 5.2 | Revive Adserver afr.php Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8115 |
| 149682 | 7.8 | 7.2 | MariaDB Symlink privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-7221 |
| 149681 | 7.4 | 7.4 | MiniSNMPD Connection Stack-based memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-6060 |
| 149680 | 7.2 | 7.2 | MiniSNMPD SNMP Packet Out-of-Bounds information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-6059 |
| 149679 | 7.2 | 7.2 | MiniSNMPD SNMP Packet Out-of-Bounds information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-6058 |
| 149678 | 5.8 | 5.8 | IBM WebSphere Application Server File Name privilege escalation | $25k-$100k | $5k-$25k | Not Defined | Not Defined | CVE-2020-4163 |
| 149677 | 5.4 | 5.4 | Python ZIP zipfile.py denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-9674 |
| 149676 | 5.4 | 5.4 | IBM Security Identity Manager Default Credentials weak authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4675 |
| 149675 | 4.7 | 4.7 | IBM Security Identity Manager directory traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4674 |
| 149674 | 5.3 | 5.3 | IBM Security Directory Server URL information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4562 |
| 149673 | 5.3 | 5.3 | IBM Security Directory Server information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4551 |
| 149672 | 5.3 | 5.3 | IBM Security Directory Server Debugging information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4550 |
| 149671 | 6.7 | 6.7 | IBM Security Directory Server Clickjacking privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4548 |
| 149670 | 6.5 | 6.5 | IBM Security Directory Server Blacklist privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | CVE-2019-4541 |
| 149669 | 4.8 | 4.8 | IBM Security Directory Server weak encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-4540 |
| 149668 | 4.7 | 4.7 | IBM Security Identity Manager Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-4451 |
| 149667 | 4.4 | 4.4 | PandoraFMS Agent Management/Report Builder/Graph Builder cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19968 |
| 149666 | 8.5 | 8.5 | Samsung Mobile Phone Hypervisor EL2 memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19273 |
| 149665 | 5.6 | 5.6 | Nextcloud Server Group Admin privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15624 |
| 149664 | 5.3 | 5.3 | Nextcloud Server Lookup Server information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15623 |
| 149663 | 2.4 | 2.4 | Nextcloud App Query information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15622 |
| 149662 | 6.4 | 6.4 | Nextcloud Server Share privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15621 |
| 149661 | 2.7 | 2.7 | Nextcloud Talk Access Control information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15620 |
| 149660 | 3.6 | 3.6 | Nextcloud Server cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15619 |
| 149659 | 3.6 | 3.6 | NextCloud Updater Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15618 |
| 149658 | 5.9 | 5.9 | Nextcloud Server privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15617 |
| 149657 | 4.3 | 4.3 | NextCloud DNS privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15616 |
| 149656 | 5.4 | 5.4 | Nextcloud App Lock Protection weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15615 |
| 149655 | 4.1 | 4.1 | Nextcloud App cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15614 |
| 149654 | 8.0 | 8.0 | Nextcloud Server Workflow Rule privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15613 |
| 149653 | 5.0 | 5.0 | Nextcloud Server 2FA Login Expired weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15612 |
| 149652 | 5.6 | 5.6 | Nextcloud App information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15611 |
| 149651 | 5.3 | 5.3 | Circles App Email Address privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15610 |
| 149650 | 6.4 | 6.1 | Squid Web Proxy FTP Server Heap-based information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-12528 |
| 149649 | 8.5 | 7.9 | im-metadata Command privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-10788 |
| 149648 | 8.5 | 7.9 | im-resize index.js Command privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-10787 |
