Recent December 2019


Analysis of the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview shows less important slices and more severe hotspots at a glance, making it possible to initiate immediate vulnerability response and prioritize issues.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Date | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 12/31/2019 | 6.7 | 6.7 | SonicOS Configuration Mode improper authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2019-7479 |
| 12/31/2019 | 8.5 | 8.5 | GMS Webservice Module sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-7478 |
| 12/31/2019 | 4.3 | 4.3 | IBM MQ Data Conversion Routine denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-4655 |
| 12/31/2019 | 4.7 | 4.7 | IBM Cognos Analytics Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2019-4623 |
| 12/31/2019 | 5.4 | 5.4 | IBM Cognos Analytics origin validation | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-4343 |
| 12/31/2019 | 4.7 | 4.7 | IBM Watson Studio Local Key File information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2019-4335 |
| 12/31/2019 | 6.4 | 6.4 | QEMU core.c ide_dma_cb improper check for unusual conditions | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.10 | CVE-2019-20175 |
| 12/31/2019 | 6.5 | 6.3 | SerenityOS Syscall MemoryManager.cpp privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-20172 |
| 12/31/2019 | 4.4 | 4.4 | GPAC box_code_base.c metx_New missing release of resource | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20171 |
| 12/31/2019 | 4.4 | 4.4 | GPAC ipmpx_code.c GF_IPMPX_AUTH_Delete release of reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20170 |
| 12/31/2019 | 5.4 | 5.4 | GPAC box_code_base.c trak_Read use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20169 |
| 12/31/2019 | 5.4 | 5.4 | GPAC box_funcs.c gf_isom_box_dump_ex use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20168 |
| 12/31/2019 | 4.4 | 4.4 | GPAC box_code_drm.c senc_Parse null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20167 |
| 12/31/2019 | 4.4 | 4.4 | GPAC box_dump.c gf_isom_dump null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20166 |
| 12/31/2019 | 4.4 | 4.4 | GPAC box_code_apple.c ilst_item_Read null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20165 |
| 12/31/2019 | 4.4 | 4.4 | GPAC box_funcs.c gf_isom_box_del null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-20164 |
| 12/31/2019 | 4.4 | 4.4 | GPAC descriptors.c gf_odf_avc_cfg_write_bs null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20163 |
| 12/31/2019 | 5.4 | 5.4 | GPAC box_funcs.c gf_isom_box_parse_ex out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20162 |
| 12/31/2019 | 5.4 | 5.4 | GPAC ipmpx_code.c ReadGF_IPMPX_WatermarkingInit out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20161 |
| 12/31/2019 | 5.4 | 5.4 | GPAC av_parsers.c av1_parse_tile_group out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20160 |
| 12/31/2019 | 4.4 | 4.4 | GPAC box_code_base.c dinf_New missing release of resource | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20159 |
| 12/31/2019 | 7.4 | 7.4 | kind-of Type Detection index.js ctorName injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-20149 |
| 12/31/2019 | 5.2 | 5.2 | Laborator Neon Theme autosuggest-remote.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | CVE-2019-20141 |
| 12/31/2019 | 7.5 | 7.5 | libsixel fromgif.c gif_out_code out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20140 |
| 12/31/2019 | 4.4 | 4.4 | Nagios XI nocscreenapi.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-20139 |
| 12/31/2019 | 6.2 | 6.2 | Linux Kernel f2fs Filesystem ttm_page_alloc.c. ttm_put_pages out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-19927 |
| 12/31/2019 | 5.3 | 5.3 | MFScripts YetiShare _account_forgot_password.ajax.php information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19806 |
| 12/31/2019 | 4.5 | 4.5 | MFScripts YetiShare _account_forgot_password.ajax.php information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19805 |
| 12/31/2019 | 5.6 | 5.6 | MFScripts YetiShare Session Cookie information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19739 |
| 12/31/2019 | 5.2 | 5.2 | MFScripts YetiShare log_file_viewer.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26 | CVE-2019-19738 |
| 12/31/2019 | 6.5 | 6.5 | MFScripts YetiShare Session Cookie cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2019-19737 |
| 12/31/2019 | 5.2 | 5.2 | MFScripts YetiShare Session Cookie httponly permission assignment | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19736 |
| 12/31/2019 | 6.4 | 6.4 | MFScripts YetiShare Password Reset class.userpeer.php unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-19735 |
| 12/31/2019 | 7.5 | 7.5 | MFScripts YetiShare _account_move_file_in_folder.ajax.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19734 |
| 12/31/2019 | 5.2 | 5.2 | MFScripts YetiShare _get_all_file_server_paths.ajax.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19733 |
| 12/31/2019 | 5.9 | 5.9 | MFScripts YetiShare translation_manage_text.ajax.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2019-19732 |
| 12/31/2019 | 6.5 | 6.3 | TinyWall Controller Debug Memory privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11 | CVE-2019-19470 |
| 12/31/2019 | 7.2 | 7.2 | XMLBlueprint XML Data xml injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19032 |
| 12/31/2019 | 7.2 | 7.2 | Easy XML Editor XML Data xml injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-19031 |
| 12/31/2019 | 9.8 | 9.8 | D-Link DIR-859 UPnP Service gena.cgi os command injection | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.14 | CVE-2019-17621 |
