CNA No CVE

As a CVE Numbering Authority (CNA) we have to respect the CNA Rules which are defined by MITRE. These define what a vulnerability is and what requirements are neccessary to assign a CVE. Some submissions might not be eligeble to receive a CVE or their reserved CVE might be revokes for various reasons (e.g. false-positive).

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

FFmpeg450
Microsoft Windows434
Microsoft Internet Explorer111
cPanel70
ImageMagick49

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix2825
Temporary Fix7
Workaround1210
Unavailable368
Not Defined4158

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High135
Functional57
Proof-of-Concept3157
Unproven163
Not Defined5056

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical3
Local2509
Adjacent183
Network5873

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High12
Low5646
None2910

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required1729
None6839

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤10
≤21
≤318
≤42024
≤5715
≤62632
≤71725
≤81082
≤9109
≤10262

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k359
<2k2268
<5k3493
<10k500
<25k867
<50k709
<100k306
≥100k66

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

IDVulnerabilitySubmissionCreatedUpdatedSubmitCNA
295755codeprojects Job Recruitment Administrator Login Page $role cross site scripting02/11/202502/13/202502/13/2025498524
in progress
290271Microsoft Azure Data Factory Apache Airflow access control01/06/202501/06/2025
 
 
289150ISC BIND QPzone NSEC3 assertion12/21/202412/21/2024
 
in progress
285146Google Cloud Vertex AI Workbench server-side request forgery11/19/202411/19/2024
 
 
284946Google Cloud IAP information disclosure11/18/202411/18/2024
 
 
284580Microsoft Azure Machine Learning Cloud Audit Log server-side request forgery11/14/202411/14/2024
 
 
282059Amazon AWS Cloud Development Kit S3 Bucket Name Format random values10/28/202410/28/2024
 
in progress
282023Google Kubernetes Engine API Server improper authentication10/28/202410/28/2024
 
 
281988Microsoft Azure Machine Learning Service server-side request forgery10/27/202410/27/2024
 
 
279050Backdoor.Win32.Benju.a missing authentication10/01/202410/02/202410/02/2024416704rejected
278834Backdoor.Win32.Prorat.jz FTP Service stack-based overflow09/27/202409/28/202409/28/2024415150rejected
278833Backdoor.Win32.Amatu.a Service Port 2121 mine.exe backdoor09/27/202409/28/202409/28/2024415149rejected
278832Backdoor.Win32.Agent.pw Service Port 21111 stack-based overflow09/27/202409/28/202409/28/2024415145rejected
278831Backdoor.Win32.Boiling Service Port 4369 backdoor09/27/202409/28/202409/28/2024415144rejected
278462Google Document AI permission09/25/202409/25/2024
 
rejected
278461Microsoft Copilot Studio Cloud Console Private API Service insufficient logging09/25/202409/25/2024
 
rejected
278460Google Bazel config09/25/202409/25/2024
 
rejected
278391Google Cloud Storage XML API Audit Log insufficient logging09/24/202409/25/2024
 
rejected
278263Google Cloud Composer GCP Service injection09/22/202409/25/2024
 
rejected
278247Backdoor.Win32.BlackAngel.13 Service Port 1850 backdoor09/18/202409/21/202409/21/2024409906rejected
278246Backdoor.Win32.CCInvader.10 FTP Server improper authentication09/18/202409/21/202409/21/2024409905rejected
278245Backdoor.Win32.Delf.yj Service Port 8080 information disclosure09/18/202409/21/202409/21/2024409904rejected
276772Backdoor.Win32.Symmi.qua ksomnbi.dll stack-based overflow09/04/202409/06/202409/06/2024402091rejected
276771HackTool.Win32.Freezer.br credentials storage09/04/202409/06/202409/06/2024402090rejected
276770Backdoor.Win32.Optix.02.b TCP Port 5151 hard-coded credentials09/04/202409/06/202409/06/2024402082rejected
276769Backdoor.Win32.JustJoke.21 TCP Port 28072 improper authentication09/04/202409/06/202409/06/2024402081rejected
276768Backdoor.Win32.PoisonIvy.ymw PoisonIvy PE File Generator PILib.dll cleartext storage09/04/202409/06/202409/06/2024402080rejected
274118Backdoor.Win32.Nightmare.25 Service Port 666 improper authentication08/10/202408/10/202408/10/2024388719rejected
273539FFmpeg jpegxl_anim_dec.c jpegxl_collect_codestream_header use after free07/17/202408/03/202408/03/2024376451rejected
273538FFmpeg get_bits.h get_bits_long stack-based overflow07/17/202408/03/202408/03/2024376450rejected
273288Google Cloud Shell ssh.cloud.google.com redirect07/31/202407/31/2024
 
 
272289Amazon AWS ElasticSearch Index Name information disclosure07/23/202407/23/2024
 
 
272288Amazon AWS CodeBuild Token information disclosure07/23/202407/23/2024
 
 
272287Amazon AWS AppFlow WooCommerce Connector server-side request forgery07/23/202407/23/2024
 
 
272286Amazon AWS AppFlow information disclosure07/23/202407/23/2024
 
 
272285Amazon AWS IAM access control07/23/202407/23/2024
 
 
272284Google Cloud Platform Resource Manager access control07/23/202407/23/2024
 
 
269941Google Cloud Storage XML API/Cloud IAM HMAC Key obscured security-relevant information by alternate name06/28/202406/28/2024
 
 
269940Google Cloud Storage XML API/Cloud IAM HMAC Key credentials management06/28/202406/28/2024
 
 
269939Google Cloud Storage XML API/Cloud IAM HMAC Key insufficient logging06/28/202406/28/2024
 
 
269161Backdoor.Win32.Plugx McAfeeOEMInfoOME Service mcutil.dll permission06/18/202406/20/202406/20/2024358944rejected
267982Amazon AWS AppStream information disclosure06/11/202406/11/2024
 
 
267981Amazon Q for Business Prompt injection06/11/202406/11/2024
 
 
267980Amazon AWS IAM Identity Center JTI authentication replay06/11/202406/11/2024
 
 
267525Trojan.Win32.DarkGateLoader urlmon.dll uncontrolled search path06/06/202406/09/202406/09/2024350877rejected
265195Microsoft Azure Container Registry password in configuration file05/19/202405/19/2024
 
 
264458TrojanSpy.Win64.EMOTET.A CRYPTBASE.dll uncontrolled search path05/14/202405/15/202405/15/2024333720rejected
264457Backdoor.Win32.AsyncRat CRYPTSP.dll uncontrolled search path05/14/202405/15/202405/15/2024333719rejected
264440Panel.SmokeLoader control1.php cross-site request forgery05/11/202405/15/202405/15/2024332801rejected
264439Panel.SmokeLoader control1.php cross site scripting05/11/202405/15/202405/15/2024332796rejected

8518 more entries are not shown

Do you know our Splunk app?

Download it now for free!