Exploits 12/11/2019

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 12/11/2019 | $5k-$25k | $0-$5k | | Microsoft Visual Studio Git privilege escalation | Not Defined | | | 0.00 | CVE-2019-1351 |
| 12/11/2019 | $5k-$25k | $5k-$25k | | IBM Spectrum Scale Command privilege escalation | Not Defined | | | 0.00 | CVE-2019-4715 |
| 12/11/2019 | $5k-$25k | $0-$5k | | IBM Spectrum Scale Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2019-4665 |
| 12/11/2019 | $0-$5k | $0-$5k | | Blink XT2 Sync Module Network Configuration Command privilege escalation | Not Defined | | | 0.00 | CVE-2019-3989 |
| 12/11/2019 | $0-$5k | $0-$5k | | Blink XT2 Sync Module WiFi privilege escalation | Not Defined | | | 0.00 | CVE-2019-3988 |
| 12/11/2019 | $0-$5k | $0-$5k | | Blink XT2 Sync Module WiFi privilege escalation | Not Defined | | | 0.00 | CVE-2019-3987 |
| 12/11/2019 | $0-$5k | $0-$5k | | Blink XT2 Sync Module WiFi privilege escalation | Not Defined | | | 0.00 | CVE-2019-3986 |
| 12/11/2019 | $0-$5k | $0-$5k | | Blink XT2 Sync Module WiFi privilege escalation | Not Defined | | | 0.00 | CVE-2019-3985 |
| 12/11/2019 | $0-$5k | $0-$5k | | Blink XT2 Sync Module UART Command privilege escalation | Not Defined | | | 0.00 | CVE-2019-3983 |
| 12/11/2019 | $0-$5k | $0-$5k | | bson-objectid ObjectID() privilege escalation | Not Defined | | | 0.09 | CVE-2019-19729 |
| 12/11/2019 | $0-$5k | $0-$5k | | sysstat sa_common.c check_file_actlst Double-Free memory corruption | Not Defined | | | 0.00 | CVE-2019-19725 |
| 12/11/2019 | $0-$5k | $0-$5k | | Zoho ManageEngine Applications Manager Agent.java sql injection | Not Defined | | | 0.09 | CVE-2019-19650 |
| 12/11/2019 | $0-$5k | $0-$5k | | Zoho ManageEngine Applications Manager SyncEventServlet.java doGet sql injection | Not Defined | | | 0.00 | CVE-2019-19649 |
| 12/11/2019 | $5k-$25k | $0-$5k | | Xen VMX VMEntry Check Crash denial of service | Not Defined | | | 0.00 | CVE-2019-19583 |
| 12/11/2019 | $0-$5k | $0-$5k | | Xen Bit Iteration Loop denial of service | Not Defined | | | 0.00 | CVE-2019-19582 |
| 12/11/2019 | $0-$5k | $0-$5k | | Xen Bit Iteration Out-of-Bounds denial of service | Not Defined | | | 0.00 | CVE-2019-19581 |
| 12/11/2019 | $5k-$25k | $5k-$25k | | Xen Incomplete Fix race condition | Not Defined | | | 0.00 | CVE-2019-19580 |
| 12/11/2019 | $0-$5k | $0-$5k | | Xen Pagetable denial of service | Not Defined | | | 0.00 | CVE-2019-19578 |
| 12/11/2019 | $0-$5k | $0-$5k | | Xen Pagetable privilege escalation | Not Defined | | | 0.00 | CVE-2019-19577 |
| 12/11/2019 | $0-$5k | $0-$5k | | Squiz Matrix CMS File Upload form_question_type_file_upload.inc denial of service | Not Defined | | | 0.00 | CVE-2019-19374 |
| 12/11/2019 | $0-$5k | $0-$5k | | Squiz Matrix CMS page_remote_content.inc Remote Code Execution | Not Defined | | | 0.11 | CVE-2019-19373 |
| 12/11/2019 | $5k-$25k | $5k-$25k | | Symantec Messaging Gateway Server-Side Request Forgery | Not Defined | | | 0.00 | CVE-2019-18379 |
| 12/11/2019 | $0-$5k | $0-$5k | | Symantec Messaging Gateway cross site scripting | Not Defined | | | 0.00 | CVE-2019-18378 |
| 12/11/2019 | $5k-$25k | $0-$5k | | Symantec Messaging Gateway privilege escalation | Not Defined | | | 0.08 | CVE-2019-18377 |
| 12/11/2019 | $0-$5k | $0-$5k | | Reliable Controls LicenseManager privilege escalation | Not Defined | | | 0.00 | CVE-2019-18245 |
| 12/11/2019 | $0-$5k | $0-$5k | | Safenet Sentinel LDK License Manager Service privilege escalation | Not Defined | | | 0.00 | CVE-2019-18232 |
| 12/11/2019 | $0-$5k | $0-$5k | | Micro Focus AcuToWeb File Download information disclosure | Not Defined | | | 0.09 | CVE-2019-17087 |
| 12/11/2019 | $0-$5k | $0-$5k | | Atlassian FishEye/Crucible removeStarAjax.do privilege escalation | Not Defined | | | 0.00 | CVE-2019-15009 |
| 12/11/2019 | $0-$5k | $0-$5k | | Atlassian FishEye/Crucible branchreview cross site scripting | Not Defined | | | 0.00 | CVE-2019-15008 |
| 12/11/2019 | $0-$5k | $0-$5k | | Atlassian FishEye/Crucible Branch cross site scripting | Not Defined | | | 0.00 | CVE-2019-15007 |
| 12/11/2019 | $0-$5k | $0-$5k | | Linux/FreeBSD/OpenBSD/MacOS/iOS/Android VPN weak encryption | Not Defined | | | 0.00 | CVE-2019-14899 |
| 12/11/2019 | $0-$5k | $0-$5k | | wolfSSL/wolfCrypt DSA Nonce Generator dsa.c Key weak encryption | Not Defined | | | 0.00 | CVE-2019-14317 |
| 12/11/2019 | $0-$5k | $0-$5k | | enshrined svg-sanitize privilege escalation | Not Defined | | | 0.00 | CVE-2019-10772 |
| 12/11/2019 | $5k-$25k | $0-$5k | | SAP Enable Now User information disclosure | Not Defined | | | 0.07 | CVE-2019-0405 |
| 12/11/2019 | $5k-$25k | $0-$5k | | SAP Enable Now Error Message information disclosure | Not Defined | | | 0.00 | CVE-2019-0404 |
| 12/11/2019 | $5k-$25k | $0-$5k | | SAP Enable Now command injection | Not Defined | | | 0.00 | CVE-2019-0403 |
| 12/11/2019 | $0-$5k | $0-$5k | | SAP Adaptive Server Enterprise information disclosure | Not Defined | | | 0.00 | CVE-2019-0402 |
| 12/11/2019 | $5k-$25k | $5k-$25k | | SAP Project Management Project Dashboard information disclosure | Not Defined | | | 0.00 | CVE-2019-0399 |
| 12/11/2019 | $0-$5k | $0-$5k | | SAP BusinessObjects Business Intelligence Platform cross site request forgery | Not Defined | | | 0.00 | CVE-2019-0398 |
| 12/11/2019 | $0-$5k | $0-$5k | | SAP BusinessObjects Business Intelligence Platform Fiori BI Launchpad Stored cross site scripting | Not Defined | | | 0.00 | CVE-2019-0395 |
