CNA Rejected

As a CVE Numbering Authority (CNA) we have to respect the CNA Rules, which are defined by MITRE. These define what a vulnerability is and what requirements are necessary to assign a CVE. Some submissions might not be eligible to receive a CVE, or their reserved CVE might be revoked for various reasons (e.g. false-positive).

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Ransom.REvil: 6
Google Cloud Platform: 3
Google Cloud Shell: 3
Amazon Azure API Management: 3
Backdoor.Win32.Cafeini.b: 3

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 18
Temporary Fix: 0
Workaround: 94
Unavailable: 2
Not Defined: 123

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 201
Unproven: 0
Not Defined: 36

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 13
Adjacent: 14
Network: 210

When approaching a vulnerability, it becomes important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 1
Low: 118
None: 118

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 22
None: 215

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 1
≤4: 22
≤5: 29
≤6: 39
≤7: 68
≤8: 72
≤9: 1
≤10: 5

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 37
<2k: 78
<5k: 104
<10k: 12
<25k: 4
<50k: 1
<100k: 1
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Submission | Created | Updated | Submit | CNA |
|---|---|---|---|---|---|---|
| 261675 | Backdoor.Win32.Dumador.c FTP Server stack-based overflow | 04/16/2024 | 04/20/2024 | 04/20/2024 | 317195 | rejected |
| 260899 | Microsoft Azure Site Recovery ASR Service information disclosure | | 04/16/2024 | 04/16/2024 | | rejected |
| 259699 | Trojan.Win32.Razy.abc SmartData memory corruption | 04/08/2024 | 04/08/2024 | 04/08/2024 | 312218 | rejected |
| 259064 | Backdoor.Win32.Agent.ju weak credentials | 04/02/2024 | 04/02/2024 | 04/02/2024 | 308491 | rejected |
| 257884 | Win32.STOP.Ransomware build2.exe channel accessible | 03/23/2024 | 03/25/2024 | 03/25/2024 | 303269 | rejected |
| 257781 | mglowinski93 FinanseWebApplication balance.php sql injection | | 03/23/2024 | 03/23/2024 | | rejected |
| 257464 | Backdoor.Win32.Emegrab.b TCP Service stack-based overflow | 03/14/2024 | 03/20/2024 | 03/20/2024 | 298426 | rejected |
| 256322 | Backdoor.Win32.Beastdoor.oq Service Port 1332 backdoor | 03/10/2024 | 03/10/2024 | 03/10/2024 | 295997 | rejected |
| 256317 | Backdoor.Win32.Agent.amt FTP Server missing authentication | 02/29/2024 | 03/10/2024 | 03/10/2024 | 290302 | rejected |
| 256316 | Backdoor.Win32.Jeemp.c ESMTP Server hard-coded credentials | 02/29/2024 | 03/10/2024 | 03/10/2024 | 290275 | rejected |
| 254695 | Backdoor.Win32.AutoSpy.10 Service Port 1008 access control | 02/24/2024 | 02/24/2024 | 02/24/2024 | 287313 | rejected |
| 254693 | Backdoor.Win32.Armageddon.r Service Port 5859 hard-coded password | 02/23/2024 | 02/24/2024 | 02/24/2024 | 286573 | rejected |
| 252693 | Trojan.Win32 BankShot Service Port 1978 stack-based overflow | 01/31/2024 | 02/02/2024 | 02/02/2024 | 275574 | rejected |
| 251679 | TrojanSpy.Win32.Nivdort jwgaklb.exe default permission | 01/21/2024 | 01/21/2024 | 01/21/2024 | 270837 | rejected |
| 250563 | Backdoor.Win32.Carbanak unprotected alternate channel | 01/10/2024 | 01/12/2024 | 01/12/2024 | 265217 | rejected |
| 249085 | Google Cloud Platform StackDriver server-side request forgery | | 12/27/2023 | 12/27/2023 | | rejected |
| 240277 | Microsoft Azure Front Door HTTP Header Remote Code Execution | | 09/25/2023 | 09/25/2023 | | rejected |
| 240258 | Google Cloud Shell Markdown Viewer cross site scripting | | 09/25/2023 | 09/25/2023 | | rejected |
| 240257 | Google Cloud Shell File Upload cross-site request forgery | | 09/25/2023 | 09/25/2023 | | rejected |
| 240256 | Google Cloud Shell cross site scripting | | 09/25/2023 | 09/25/2023 | | rejected |
| 236233 | Google Cloud Build Log information disclosure | | 08/06/2023 | 08/06/2023 | | rejected |
| 236232 | Microsoft Power Platform access control | | 08/06/2023 | 08/06/2023 | | rejected |
| 230691 | Google Cloud Platform CloudSQL Privilege Escalation | | 06/05/2023 | 06/05/2023 | | rejected |
| 229089 | Amazon Azure API Management Developer Portal unrestricted upload | | 05/15/2023 | 05/15/2023 | | rejected |
| 229088 | Amazon Azure API Management Hosting Proxy server-side request forgery | | 05/15/2023 | 05/15/2023 | | rejected |
| 229087 | Amazon Azure API Management CORS Proxy server-side request forgery | | 05/15/2023 | 05/15/2023 | | rejected |
| 228981 | Google Cloud Platform OAuth Application GhostToken denial of service | | 05/14/2023 | 05/14/2023 | | rejected |
| 227759 | TOTVS Food Service Order Status resource injection | 04/30/2023 | 04/30/2023 | 04/30/2023 | 150587 | rejected |
| 227758 | TOTVS Food Service SMS Message cross site scripting | 04/30/2023 | 04/30/2023 | 04/30/2023 | 150588 | rejected |
| 227235 | Google Cloud Cloud Asset Inventory API Asset Key Thief information disclosure | | 04/23/2023 | 04/23/2023 | | rejected |
| 226948 | Alibaba Cloud ApsaraDB/AnalyticDB Privilege Escalation | | 04/20/2023 | 04/20/2023 | | rejected |
| 226196 | Amazon AWS App Runner API ListVpcConnectorsForAccount information disclosure | | 04/17/2023 | 04/17/2023 | | rejected |
| 226195 | Amazon AWS App Runner API ListObservabilityConfigurationsForAccount information disclosure | | 04/17/2023 | 04/17/2023 | | rejected |
| 225923 | Microsoft Azure On-Premises Data Gateway Power Platform Connector deserialization | | 04/14/2023 | 04/14/2023 | | rejected |
| 224105 | php-basic-cms admin unrestricted upload | 03/26/2023 | 03/27/2023 | 03/27/2023 | 106038 | rejected |
| 224015 | cojoben Coco Blog blog-web.php sql injection | 03/24/2023 | 03/25/2023 | 03/25/2023 | 105218 | rejected |
| 220828 | Amazon AWS CloudTrail information disclosure | | 02/13/2023 | 02/13/2023 | | rejected |
| 220826 | Amazon AWS Console excessive authentication | | 02/13/2023 | 02/13/2023 | | rejected |
| 220740 | Microsoft Azure Cognitive Search Query ACSESSED access control | | 02/12/2023 | 02/12/2023 | | rejected |
| 217563 | intgr uqm-wasm msgbox_macosx.m log_displayBox format string | | 01/06/2023 | 02/03/2023 | | rejected |
| 215644 | Backdoor.Win32.InCommander.17.b Service Port 9400 hard-coded credentials | 12/14/2022 | 12/14/2022 | 12/14/2022 | 56937 | rejected |
| 215643 | Ransom.Win64.AtomSilo EXE File denial of service | 12/14/2022 | 12/14/2022 | 12/14/2022 | 56938 | rejected |
| 215279 | Trojan-Dropper.Win32.Decay.dxv Settings.ini cleartext storage in a file or on disk | 12/12/2022 | 12/12/2022 | 12/12/2022 | 56385 | rejected |
| 214777 | Backdoor.Win32.Delf.gj Service Port 80 information disclosure | 12/02/2022 | 12/03/2022 | 12/03/2022 | 54215 | rejected |
| 214349 | Win32.Ransom.Conti permission | 11/25/2022 | 11/25/2022 | 11/25/2022 | 53374 | rejected |
| 214347 | Trojan.Win32.DarkNeuron.gen permission | 11/25/2022 | 11/25/2022 | 11/25/2022 | 53352 | rejected |
| 214346 | Backdoor.Win32.Autocrat.b Service Port 8536 hard-coded credentials | 11/24/2022 | 11/25/2022 | 11/25/2022 | 53347 | rejected |
| 214323 | Backdoor.Win32.Serman.a Service Port 21422 backdoor | 11/23/2022 | 11/24/2022 | 11/24/2022 | 53088 | rejected |
| 214029 | Trojan.Win32.Platinum.gen WTSAPI32.dll untrusted search path | 11/19/2022 | 11/19/2022 | 11/19/2022 | 52631 | rejected |
| 214025 | Backdoor.Win32.Oblivion.01.a Service Port 7826 WWPMsg.dll cleartext transmission | 11/19/2022 | 11/19/2022 | 11/19/2022 | 52711 | rejected |

187 more entries are not shown
