Exploits 04/15/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CVE |
|---|---|---|---|---|---|---|---|---|
| 04/15/2019 | $5k-$25k | $0-$5k | | Symantec Endpoint Protection Manager DLL Loader privilege escalation | Not Defined | | | CVE-2018-18367 |
| 04/15/2019 | $0-$5k | $0-$5k | | Symantec Norton Security/Endpoint Protection Kernel Memory Uninitialized Memory information disclosure | Not Defined | | | CVE-2018-18366 |
| 04/15/2019 | $5k-$25k | $0-$5k | | Symantec Norton Security/Endpoint Protection SBE DLL Loader privilege escalation | Not Defined | | | CVE-2018-18369 |
| 04/15/2019 | $0-$5k | $0-$5k | | Zoho ManageEngine ADManager Plus Directory Permission privilege escalation | Proof-of-Concept | | Link | CVE-2018-19374 |
| 04/15/2019 | $0-$5k | $0-$5k | | ZyXEL ATP500/USG40/USG1900/ZyWALL310/ZyWALL1100 ?mobile=1 cross site scripting | Proof-of-Concept | URL/Javascript | Link | CVE-2019-9955 |
| 04/15/2019 | $0-$5k | $0-$5k | | F5 BIG-IP APM Secure Vault Key weak encryption | Not Defined | | | CVE-2019-6609 |
| 04/15/2019 | $0-$5k | $0-$5k | | Moxa IKS-G6824A/EDS-405A/EDS-408A/EDS-510A Plaintext weak encryption | Not Defined | | | CVE-2019-6526 |
| 04/15/2019 | $5k-$25k | $0-$5k | | VMware ESXi/Workstation/Fusion 3D Graphics Out-of-Bounds memory corruption | Not Defined | | | CVE-2019-5520 |
| 04/15/2019 | $5k-$25k | $0-$5k | | VMware ESXi/Workstation/Fusion Shader Translator Out-of-Bounds memory corruption | Not Defined | | | CVE-2019-5517 |
| 04/15/2019 | $5k-$25k | $0-$5k | | VMware ESXi/Workstation/Fusion Vertex Shader Out-of-Bounds memory corruption | Not Defined | | | CVE-2019-5516 |
| 04/15/2019 | $5k-$25k | $5k-$25k | | IBM API Connect Developer Portal Server-Side Request Forgery | Not Defined | | | CVE-2019-4203 |
| 04/15/2019 | $5k-$25k | $5k-$25k | | IBM API Connect Developer Portal command injection | Not Defined | | | CVE-2019-4202 |
| 04/15/2019 | $5k-$25k | $5k-$25k | | IBM Cognos Analytics URL directory traversal | Not Defined | | | CVE-2019-4178 |
| 04/15/2019 | $5k-$25k | $5k-$25k | | IBM BigFix WebUI Profile Management Back-End Database sql injection | Not Defined | | | CVE-2019-4012 |
| 04/15/2019 | $0-$5k | $0-$5k | | Red Hat Satellite Candlepin Log information disclosure | Not Defined | | | CVE-2019-3891 |
| 04/15/2019 | $0-$5k | $0-$5k | | urllib3 CRLF privilege escalation | Not Defined | | | CVE-2019-11236 |
| 04/15/2019 | $0-$5k | $0-$5k | | Gitea repo_mirror.go Remote Code Execution | Not Defined | | | CVE-2019-11229 |
| 04/15/2019 | $0-$5k | $0-$5k | | Gitea setting.go privilege escalation | Not Defined | | | CVE-2019-11228 |
| 04/15/2019 | $0-$5k | $0-$5k | | GPAC os_divers.c gf_bin128_parse memory corruption | Not Defined | | | CVE-2019-11222 |
| 04/15/2019 | $0-$5k | $0-$5k | | GPAC media_import.c gf_import_message() memory corruption | Not Defined | | | CVE-2019-11221 |
| 04/15/2019 | $5k-$25k | $0-$5k | | Apache Tomcat JRE Remote Code Execution | Proof-of-Concept | | Link | CVE-2019-0232 |
| 04/15/2019 | $0-$5k | $0-$5k | | Shimo VPN Helper Service privilege escalation | Not Defined | | | CVE-2018-4009 |
| 04/15/2019 | $0-$5k | $0-$5k | | Shimo VPN Helper Service privilege escalation | Not Defined | | | CVE-2018-4008 |
| 04/15/2019 | $5k-$25k | $5k-$25k | | IBM WebSphere MQ weak encryption | Not Defined | | | CVE-2018-1925 |
| 04/15/2019 | $0-$5k | $0-$5k | | Waimai Super CMS addsave cross site scripting | Not Defined | | | CVE-2018-18261 |
| 04/15/2019 | $0-$5k | $0-$5k | | Tribulant Slideshow Gallery Plugin cross site scripting | Not Defined | | | CVE-2018-18019 |
| 04/15/2019 | $0-$5k | $0-$5k | | Tribulant Slideshow Gallery Plugin sql injection | Not Defined | | | CVE-2018-18018 |
| 04/15/2019 | $0-$5k | $0-$5k | | Tribulant Slideshow Gallery Plugin cross site scripting | Not Defined | | | CVE-2018-18017 |
| 04/15/2019 | $0-$5k | $0-$5k | | WP Fastest Cache Plugin cross site scripting | Not Defined | | | CVE-2018-17586 |
| 04/15/2019 | $0-$5k | $0-$5k | | WP Fastest Cache Plugin cross site scripting | Not Defined | | | CVE-2018-17585 |
| 04/15/2019 | $0-$5k | $0-$5k | | WP Fastest Cache Plugin admin.php cross site request forgery | Not Defined | | | CVE-2018-17584 |
| 04/15/2019 | $0-$5k | $0-$5k | | WP Fastest Cache Plugin cross site scripting | Not Defined | | | CVE-2018-17583 |
| 04/15/2019 | $0-$5k | $0-$5k | | mndpsingh287 File Manager Plugin cross site scripting | Not Defined | | | CVE-2018-16967 |
| 04/15/2019 | $0-$5k | $0-$5k | | mndpsingh287 File Manager Plugin cross site request forgery | Not Defined | | | CVE-2018-16966 |
| 04/15/2019 | $5k-$25k | $0-$5k | | Mozilla Firefox Graphite2 Library read_glyph denial of service | Not Defined | | | CVE-2017-7777 |
| 04/15/2019 | $25k-$100k | $5k-$25k | | Mozilla Firefox Graphite2 Library getClassGlyph memory corruption | Not Defined | | | CVE-2017-7776 |
| 04/15/2019 | $25k-$100k | $5k-$25k | | Mozilla Firefox Graphite2 Library readGraphite memory corruption | Not Defined | | | CVE-2017-7774 |
| 04/15/2019 | $25k-$100k | $5k-$25k | | Mozilla Firefox Graphite2 Library Decompressor decompress memory corruption | Not Defined | | | CVE-2017-7773 |
| 04/15/2019 | $25k-$100k | $5k-$25k | | Mozilla Firefox Graphite2 Library readPass memory corruption | Not Defined | | | CVE-2017-7771 |
| 04/15/2019 | $0-$5k | $0-$5k | | Intelliants Subrion CMS cross site request forgery | Not Defined | | | CVE-2017-18366 |
