CNA Rejected

As a CVE Numbering Authority (CNA) we have to respect the CNA Rules which are defined by MITRE. These define what a vulnerability is and what requirements are neccessary to assign a CVE. Some submissions might not be eligeble to receive a CVE or their reserved CVE might be revokes for various reasons (e.g. false-positive).

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Ransom.REvil6
Google Cloud Platform3
Google Cloud Shell3
Amazon Azure API Management3
Backdoor.Win32.Cafeini.b3

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix17
Temporary Fix0
Workaround92
Unavailable2
Not Defined122

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High0
Functional0
Proof-of-Concept198
Unproven0
Not Defined35

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical0
Local12
Adjacent13
Network208

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High1
Low115
None117

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required22
None211

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤10
≤20
≤31
≤420
≤529
≤639
≤767
≤871
≤91
≤105

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k36
<2k76
<5k104
<10k11
<25k4
<50k1
<100k1
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

IDVulnerabilityPublishedCreatedUpdatedStatus
257884Win32.STOP.Ransomware build2.exe channel accessible03/25/202403/25/202403/25/2024rejected
257781mglowinski93 FinanseWebApplication balance.php sql injection09/22/202003/23/202403/23/2024rejected
257464Backdoor.Win32.Emegrab.b TCP Service stack-based overflow03/20/202403/20/202403/20/2024rejected
256322Backdoor.Win32.Beastdoor.oq Service Port 1332 backdoor03/10/202403/10/202403/10/2024rejected
256317Backdoor.Win32.Agent.amt FTP Server missing authentication03/10/202403/10/202403/10/2024rejected
256316Backdoor.Win32.Jeemp.c ESMTP Server hard-coded credentials03/10/202403/10/202403/10/2024rejected
254695Backdoor.Win32.AutoSpy.10 Service Port 1008 access control02/24/202402/24/202402/24/2024rejected
254693Backdoor.Win32.Armageddon.r Service Port 5859 hard-coded password02/24/202402/24/202402/24/2024rejected
252693Trojan.Win32 BankShot Service Port 1978 stack-based overflow02/02/202402/02/202402/02/2024rejected
251679TrojanSpy.Win32.Nivdort jwgaklb.exe default permission01/21/202401/21/202401/21/2024rejected
250563Backdoor.Win32.Carbanak unprotected alternate channel01/12/202401/12/202401/12/2024rejected
249085Google Cloud Platform StackDriver server-side request forgery12/27/202312/27/202312/27/2023rejected
240277Microsoft Azure Front Door HTTP Header Remote Code Execution09/25/202309/25/202309/25/2023rejected
240258Google Cloud Shell Markdown Viewer cross site scripting09/25/202309/25/202309/25/2023rejected
240257Google Cloud Shell File Upload cross-site request forgery09/25/202309/25/202309/25/2023rejected
240256Google Cloud Shell cross site scripting09/25/202309/25/202309/25/2023rejected
236233Google Cloud Build Log information disclosure08/06/202308/06/202308/06/2023rejected
236232Microsoft Power Platform access control08/06/202308/06/202308/06/2023rejected
230691Google Cloud Platform CloudSQL Privilege Escalation06/05/202306/05/202306/05/2023rejected
229089Amazon Azure API Management Developer Portal unrestricted upload05/15/202305/15/202305/15/2023rejected
229088Amazon Azure API Management Hosting Proxy server-side request forgery05/15/202305/15/202305/15/2023rejected
229087Amazon Azure API Management CORS Proxy server-side request forgery05/15/202305/15/202305/15/2023rejected
228981Google Cloud Platform OAuth Application GhostToken denial of service05/14/202305/14/202305/14/2023rejected
227759TOTVS Food Service Order Status resource injection04/30/202304/30/202304/30/2023rejected
227758TOTVS Food Service SMS Message cross site scripting04/30/202304/30/202304/30/2023rejected
227235Google Cloud Cloud Asset Inventory API Asset Key Thief information disclosure04/23/202304/23/202304/23/2023rejected
226948Alibaba Cloud ApsaraDB/AnalyticDB Privilege Escalation04/20/202304/20/202304/20/2023rejected
226196Amazon AWS App Runner API ListVpcConnectorsForAccount information disclosure04/17/202304/17/202304/17/2023rejected
226195Amazon AWS App Runner API ListObservabilityConfigurationsForAccount information disclosure04/17/202304/17/202304/17/2023rejected
225923Microsoft Azure On-Premises Data Gateway Power Platform Connector deserialization04/14/202304/14/202304/14/2023rejected
224105php-basic-cms admin unrestricted upload03/27/202303/27/202303/27/2023rejected
224015cojoben Coco Blog blog-web.php sql injection03/25/202303/25/202303/25/2023rejected
220828Amazon AWS CloudTrail information disclosure02/13/202302/13/202302/13/2023rejected
220826Amazon AWS Console excessive authentication02/13/202302/13/202302/13/2023rejected
220740Microsoft Azure Cognitive Search Query ACSESSED access control02/12/202302/12/202302/12/2023rejected
217563intgr uqm-wasm msgbox_macosx.m log_displayBox format string01/06/202301/06/202302/03/2023rejected
215644Backdoor.Win32.InCommander.17.b Service Port 9400 hard-coded credentials12/14/202212/14/202212/14/2022rejected
215643Ransom.Win64.AtomSilo EXE File denial of service12/14/202212/14/202212/14/2022rejected
215279Trojan-Dropper.Win32.Decay.dxv Settings.ini cleartext storage in a file or on disk12/12/202212/12/202212/12/2022rejected
214777Backdoor.Win32.Delf.gj Service Port 80 information disclosure12/03/202212/03/202212/03/2022rejected
214349Win32.Ransom.Conti permission11/25/202211/25/202211/25/2022rejected
214347Trojan.Win32.DarkNeuron.gen permission11/25/202211/25/202211/25/2022rejected
214346Backdoor.Win32.Autocrat.b Service Port 8536 hard-coded credentials11/25/202211/25/202211/25/2022rejected
214323Backdoor.Win32.Serman.a Service Port 21422 backdoor11/24/202211/24/202211/24/2022rejected
214029Trojan.Win32.Platinum.gen WTSAPI32.dll untrusted search path11/19/202211/19/202211/19/2022rejected
214025Backdoor.Win32.Oblivion.01.a Service Port 7826 WWPMsg.dll cleartext transmission11/19/202211/19/202211/19/2022rejected
213747Backdoor.Win32.Quux Service Port 3 hard-coded credentials11/16/202211/16/202211/16/2022rejected
213465Backdoor.Win32.RemServ.d Service Port 26103 backdoor11/12/202211/12/202211/12/2022rejected
213354Trojan.MSIL.Agent.gen Service Port 19334 information disclosure11/10/202211/10/202211/10/2022rejected
213353Backdoor.Win32.Aphexdoor.LiteSock Service Port 1080 stack-based overflow11/10/202211/10/202211/10/2022rejected

183 more entries are not shown

Might our Artificial Intelligence support you?

Check our Alexa App!