Exploits 11/18/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate, yielding the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CVE |
|---|---|---|---|---|---|---|---|---|
| 11/18/2019 | $0-$5k | $0-$5k | | NVIDIA NVFlash memory corruption | Not Defined | | | CVE-2019-5688 |
| 11/18/2019 | $0-$5k | $0-$5k | | OpenWrt ustream-ssl Man-in-the-Middle weak authentication | Not Defined | | | CVE-2019-5102 |
| 11/18/2019 | $0-$5k | $0-$5k | | OpenWrt ustream-ssl __ustream_ssl_poll Man-in-the-Middle weak authentication | Not Defined | | | CVE-2019-5101 |
| 11/18/2019 | $0-$5k | $0-$5k | | ZTE C520V21 Web Service weak authentication | Not Defined | | | CVE-2019-3424 |
| 11/18/2019 | $0-$5k | $0-$5k | | ZTE C520V21 URL directory traversal | Not Defined | | | CVE-2019-3423 |
| 11/18/2019 | $0-$5k | $0-$5k | | PHICOMM K2 autoupgrade.lua privilege escalation | Not Defined | | | CVE-2019-19117 |
| 11/18/2019 | $0-$5k | $0-$5k | | newbee-mall NewBeeMallGoodsMapper.xml sql injection | Not Defined | | | CVE-2019-19113 |
| 11/18/2019 | $0-$5k | $0-$5k | | Octopus Server Persistent cross site scripting | Not Defined | | | CVE-2019-19085 |
| 11/18/2019 | $0-$5k | $0-$5k | | Octopus Deploy Package privilege escalation | Not Defined | | | CVE-2019-19084 |
| 11/18/2019 | $0-$5k | $0-$5k | | Norton App Lock privilege escalation | Not Defined | | | CVE-2019-18373 |
| 11/18/2019 | $5k-$25k | $5k-$25k | | Comodo Internet Security Signature Validation signmgr.dll privilege escalation | Not Defined | | | CVE-2019-18215 |
| 11/18/2019 | $0-$5k | $0-$5k | | Micro Focus Operations Agent XML Data XML External Entity | Not Defined | | | CVE-2019-17085 |
| 11/18/2019 | $0-$5k | $0-$5k | | Footy Tipping Software AFL Web Edition File Upload Remote Code Execution | Not Defined | | | CVE-2019-17058 |
| 11/18/2019 | $0-$5k | $0-$5k | | Footy Tipping Software AFL Web Edition cross site scripting | Not Defined | | | CVE-2019-17057 |
| 11/18/2019 | $0-$5k | $0-$5k | | Mailbird HTML Mail Message cross site scripting | Not Defined | | | CVE-2019-15054 |
| 11/18/2019 | $0-$5k | $0-$5k | | Social Photo Gallery plugin Album Remote Code Execution | Not Defined | | | CVE-2019-14467 |
| 11/18/2019 | $5k-$25k | $0-$5k | | Apache Shiro Configuration Padding weak encryption | Not Defined | | | CVE-2019-12422 |
| 11/18/2019 | $5k-$25k | $5k-$25k | | Apache Solr Configuration File solr.in.sh privilege escalation | Not Defined | | | CVE-2019-12409 |
| 11/18/2019 | $0-$5k | $0-$5k | | Sandline Centraleyezer File Upload Stored cross site scripting | Not Defined | | | CVE-2019-12311 |
| 11/18/2019 | $0-$5k | $0-$5k | | Sandline Centraleyezer Category Stored cross site scripting | Not Defined | | | CVE-2019-12299 |
| 11/18/2019 | $0-$5k | $0-$5k | | Sandline Centraleyezer File Upload privilege escalation | Not Defined | | | CVE-2019-12271 |
| 11/18/2019 | $0-$5k | $0-$5k | | elliptic-php Private Key Elliptic-Curve information disclosure | Not Defined | | | CVE-2019-10764 |
| 11/18/2019 | $0-$5k | $0-$5k | | Pimcore pimcore sql injection | Not Defined | | | CVE-2019-10763 |
| 11/18/2019 | $0-$5k | $0-$5k | | Codehaus jackson-mapper-asl XML Data XML External Entity | Not Defined | | | CVE-2019-10172 |
| 11/18/2019 | $5k-$25k | $0-$5k | | Apache Atlas Search Stored cross site scripting | Not Defined | | | CVE-2019-10070 |
| 11/18/2019 | $0-$5k | $0-$5k | | Plex Media Server Access Control privilege escalation | Not Defined | | | CVE-2018-21031 |
| 11/18/2019 | $0-$5k | $0-$5k | | Raritan CommandCenter Secure Gateway XML Data XML External Entity | Not Defined | | | CVE-2018-20687 |
| 11/18/2019 | $0-$5k | $0-$5k | | BlackBoard Learn bb-auth-provider-cas Authentication Module spoofing | Not Defined | | | CVE-2018-13257 |
| 11/18/2019 | $0-$5k | $0-$5k | | TBOOT Boot Loader loader.c privilege escalation | Not Defined | | | CVE-2014-5118 |
| 11/18/2019 | $0-$5k | $0-$5k | | Jenkins CI Game Plugin cross site scripting | Not Defined | | | CVE-2012-4441 |
| 11/18/2019 | $0-$5k | $0-$5k | | Jenkins Violations Plugin cross site scripting | Not Defined | | | CVE-2012-4440 |
| 11/18/2019 | $0-$5k | $0-$5k | | Jenkins URL cross site scripting | Not Defined | | | CVE-2012-4439 |
| 11/18/2019 | $0-$5k | $0-$5k | | Jenkins privilege escalation | Not Defined | | | CVE-2012-4438 |
| 11/18/2019 | $0-$5k | $0-$5k | | Distributed Ruby instance_eval unknown vulnerability | Not Defined | | | CVE-2011-5331 |
| 11/18/2019 | $0-$5k | $0-$5k | | Distributed Ruby Syscall unknown vulnerability | Not Defined | | | CVE-2011-5330 |
| 11/18/2019 | $0-$5k | $0-$5k | | Iceweasel-firegpg Temp File Symlink privilege escalation | Not Defined | | | CVE-2008-7273 |
| 11/18/2019 | $5k-$25k | $0-$5k | | Linux Kernel dc clock_source_create() Memory Leak denial of service | Not Defined | | | CVE-2019-19083 |
| 11/18/2019 | $5k-$25k | $0-$5k | | Linux Kernel dc create_resource_pool() Memory Leak denial of service | Not Defined | | | CVE-2019-19082 |
| 11/18/2019 | $5k-$25k | $0-$5k | | Linux Kernel main.c nfp_flower_spawn_vnic_reprs() Memory Leak denial of service | Not Defined | | | CVE-2019-19081 |
| 11/18/2019 | $5k-$25k | $0-$5k | | Linux Kernel main.c nfp_flower_spawn_phy_reprs() Memory Leak denial of service | Not Defined | | | CVE-2019-19080 |
