Exploits 08/01/2018info

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Lang »

The automatization and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Published0dayTodayTrVulnerabilityExpLangURLCVE
08/01/2018$25k-$100k$0-$5kHP Printer memory corruptionNot Defined
 
 
CVE-2018-5925
08/01/2018$25k-$100k$0-$5kHP Printer memory corruptionNot Defined
 
 
CVE-2018-5924
08/01/2018$5k-$25k$5k-$25kApache Tomcat WebSocket Client weak authenticationNot Defined
 
 
CVE-2018-8034
08/01/2018$0-$5k$0-$5kFoxit Reader Javascript Engine Use-After-Free memory corruptionNot Defined
 
 
CVE-2018-3939
08/01/2018$0-$5k$0-$5kFoxit Reader Javascript Engine Use-After-Free memory corruptionNot Defined
 
 
CVE-2018-3924
08/01/2018$0-$5k$0-$5kComputerinsel PhotoLine PCX Image Out-of-Bounds memory corruptionNot Defined
 
 
CVE-2018-3923
08/01/2018$0-$5k$0-$5kComputerinsel PhotoLine ANI Parser Stack-based memory corruptionNot Defined
 
 
CVE-2018-3922
08/01/2018$0-$5k$0-$5kComputerinsel PhotoLine PSD Image Stack-based memory corruptionNot Defined
 
 
CVE-2018-3921
08/01/2018$0-$5k$0-$5kFocalScope XML Data XML External EntityNot Defined
 
 
CVE-2018-3881
08/01/2018$0-$5k$0-$5kCFITSIO Stack-based memory corruptionNot Defined
 
 
CVE-2018-3847
08/01/2018$5k-$25k$0-$5kIntel Smart Sound Technology Driver Module privilege escalationNot Defined
 
 
CVE-2018-3672
08/01/2018$5k-$25k$0-$5kIntel Saffron MemoryBase privilege escalationNot Defined
 
 
CVE-2018-3671
08/01/2018$5k-$25k$0-$5kIntel Smart Sound Technology Driver Module privilege escalationNot Defined
 
 
CVE-2018-3670
08/01/2018$5k-$25k$0-$5kIntel Smart Sound Technology Driver Module privilege escalationNot Defined
 
 
CVE-2018-3666
08/01/2018$5k-$25k$0-$5kIntel Saffron MemoryBase privilege escalationNot Defined
 
 
CVE-2018-3663
08/01/2018$5k-$25k$0-$5kIntel Saffron MemoryBase privilege escalationNot Defined
 
 
CVE-2018-3662
08/01/2018$0-$5k$0-$5kINTEL Distribution for Python Bypass privilege escalationNot Defined
 
 
CVE-2018-3650
08/01/2018$0-$5k$0-$5kTinfoil Security Plugin TinfoilScanRecorder.java API Key information disclosureNot Defined
 
 
CVE-2018-1999041
08/01/2018$0-$5k$0-$5kKubernetes Plugin KubernetesCloud.java Credentials information disclosureNot Defined
 
 
CVE-2018-1999040
08/01/2018$0-$5k$0-$5kConfluence Publisher Plugin ConfluenceSite.java Server-Side Request ForgeryNot Defined
 
 
CVE-2018-1999039
08/01/2018$0-$5k$0-$5kPublisher Over CIFS Plugin CIFS Server CifsPublisherPluginDescriptor.java privilege escalationNot Defined
 
 
CVE-2018-1999038
08/01/2018$0-$5k$0-$5kResource Disposer Plugin AsyncResourceDisposer.java privilege escalationNot Defined
 
 
CVE-2018-1999037
08/01/2018$0-$5k$0-$5kSSH Agent Plugin SSHAgentStepExecution.java Private Key information disclosureNot Defined
 
 
CVE-2018-1999036
08/01/2018$0-$5k$0-$5kInedo BuildMaster Plugin BuildMasterConfiguration.java Man-in-the-Middle weak authenticationNot Defined
 
 
CVE-2018-1999035
08/01/2018$0-$5k$0-$5kInedo ProGet Plugin ProGetApi.java Man-in-the-Middle weak authenticationNot Defined
 
 
CVE-2018-1999034
08/01/2018$0-$5k$0-$5kAnchore Container Image Scanner Plugin AnchoreBuilder.java Password information disclosureNot Defined
 
 
CVE-2018-1999033
08/01/2018$0-$5k$0-$5kAgiletestware Pangolin Connector for TestRail Plugin GlobalConfig.java privilege escalationNot Defined
 
 
CVE-2018-1999032
08/01/2018$0-$5k$0-$5kmeliora-testlab Plugin TestlabNotifier.java API Key information disclosureNot Defined
 
 
CVE-2018-1999031
08/01/2018$0-$5k$0-$5kMaven Artifact ChoiceListProvider Plugin ArtifactoryChoiceListProvider.java Credentials information disclosureNot Defined
 
 
CVE-2018-1999030
08/01/2018$0-$5k$0-$5kShelve Project Plugin index.jelly cross site scriptingNot Defined
 
 
CVE-2018-1999029

Do you know our Splunk app?

Download it now for free!