Updates September 2019

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate immediate vulnerability response and to prioritize issues.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to determine the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 09/24/2019 | 5.7 | 5.3 | MantisBT bug_change_status_page.php cross site scripting | (6): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Functional | Official Fix | 0.00 | CVE-2017-6797 |
| 09/16/2019 | 7.0 | 6.7 | Adobe Acrobat Reader Image Conversion memory corruption | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, advisory_person_nickname, advisory_company_name | Not Defined | Official Fix | 0.00 | CVE-2017-2972 |
| 09/16/2019 | 7.0 | 6.7 | Adobe Acrobat Reader JPEG Decoder Heap-based memory corruption | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, advisory_person_nickname, advisory_company_name | Not Defined | Official Fix | 0.06 | CVE-2017-2971 |
| 09/14/2019 | 5.3 | 4.8 | Apple iTunes Expat memory corruption | (24): advisory_confirm_url, source_secunia, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_oval_id, source_cve_nvd_published, source_iavm, source_iavm_title, source_iavm_vmskey, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_id, source_openvas_filename, source_openvas_title, source_openvas_family, source_securityfocus_date, source_securityfocus_class, source_sectracker_date, source_sectracker_cause | Proof-of-Concept | Official Fix | 0.04 | CVE-2009-3560 |
| 09/11/2019 | 8.1 | 7.8 | HPE LoadRunner/Performance Center privilege escalation | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2017-5789 |
| 09/10/2019 | 3.5 | 3.2 | PHPShell phpshell.php cross site scripting | (0) | Proof-of-Concept | Not Defined | 0.00 | |
| 09/07/2019 | 5.3 | 5.0 | FreeBSD accept_filter Mechanism denial of service | (1): advisory_person_nickname | Proof-of-Concept | Not Defined | 0.00 | CVE-2002-0794 |
| 09/06/2019 | 4.0 | 4.0 | FreeBSD X Window tmp Symlink privilege escalation | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2002-0795 |
| 09/06/2019 | 5.1 | 5.1 | HP HP-UX swinstall denial of service | (3): vulnerability_discoverydate, source_osvdb, source_osvdb_title | Not Defined | Not Defined | 0.00 | CVE-2002-0798 |
| 09/06/2019 | 7.5 | 6.7 | Oracle HTTP Server Web Listener denial of service | (1): vulnerability_discoverydate | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-1890 |
| 09/06/2019 | 6.5 | 6.2 | IBM DB2 DRDA Services memory corruption | (14): advisory_confirm_url, source_secunia, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, vulnerability_cvss3_vuldb_av, vulnerability_cvss3_vuldb_ac, vulnerability_cvss3_vuldb_pr, vulnerability_cvss3_vuldb_ui, vulnerability_cvss3_vuldb_s, vulnerability_cvss3_vuldb_c, vulnerability_cvss3_vuldb_i, vulnerability_cvss3_vuldb_a | Not Defined | Official Fix | 0.00 | CVE-2009-1906 |
| 09/06/2019 | 7.5 | 7.5 | Sun OpenSolaris Kernel Patch crgetlabel denial of service | (6): advisory_confirm_url, source_secunia, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title | Not Defined | Not Defined | 0.00 | CVE-2009-2297 |
| 09/06/2019 | 4.3 | 4.1 | Movabletype Six Apart Movable Type mt-wizard.cgi cross site scripting | (8): advisory_confirm_url, source_secunia, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, countermeasure_name | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-2480 |
| 09/06/2019 | 4.0 | 3.6 | Sun OpenSolaris information disclosure | (12): advisory_confirm_url, source_sectracker, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence, countermeasure_date | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-1276 |
| 09/06/2019 | 7.5 | 7.2 | Cisco Physical Access Gateway Memory Leak denial of service | (10): advisory_confirm_url, source_sectracker, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence | Not Defined | Official Fix | 0.00 | CVE-2009-1163 |
| 09/06/2019 | 6.5 | 6.2 | Cisco Video Surveillance 2500 Series IP Camera Embedded Web Server information disclosure | (10): advisory_confirm_url, source_sectracker, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence | Not Defined | Official Fix | 0.00 | CVE-2009-2046 |
| 09/06/2019 | 7.5 | 7.2 | Cisco Video Surveillance Stream Manager Firmware denial of service | (10): advisory_confirm_url, source_sectracker, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence | Not Defined | Official Fix | 0.00 | CVE-2009-2045 |
| 09/06/2019 | 6.5 | 5.9 | Samba Access Control List acl_group_override Uninitialized Memory denial of service | (13): advisory_confirm_url, source_secunia, source_sectracker, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence, countermeasure_date | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-1888 |
| 09/06/2019 | 10.0 | 9.5 | Mozilla Thunderbird memory corruption | (12): advisory_confirm_url, source_secunia, source_sectracker, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2009-2210 |
| 09/06/2019 | 7.3 | 7.3 | amule DownloadListCtrl.cpp unknown vulnerability | (7): source_secunia, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, countermeasure_name, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2009-1440 |
| 09/06/2019 | 10.0 | 9.0 | Foxit Reader memory corruption | (12): advisory_confirm_url, source_secunia, source_sectracker, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, countermeasure_date | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-0691 |
| 09/06/2019 | 5.6 | 5.1 | Foxit Reader JPEG2000/JBIG Decoder memory corruption | (1): vulnerability_discoverydate | Proof-of-Concept | Official Fix | 0.09 | CVE-2009-0690 |
| 09/06/2019 | 5.3 | 5.0 | Git denial of service | (10): source_secunia, source_sectracker, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence, countermeasure_name | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-2108 |
| 09/06/2019 | 5.3 | 5.0 | Eyrie Pam-krb5 User Account weak authentication | (7): advisory_confirm_url, source_secunia, source_vupen, source_cve_assigned, vulnerability_discoverydate, countermeasure_name, countermeasure_date | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-1384 |
| 09/06/2019 | 10.0 | 9.5 | Adobe Shockwave Player memory corruption | (15): advisory_confirm_url, source_secunia, source_sectracker, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_openvas_id, source_openvas_filename, source_openvas_title, source_openvas_family, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence | Not Defined | Official Fix | 0.00 | CVE-2009-1860 |
| 09/06/2019 | 5.3 | 5.0 | Citrix Secure Gateway denial of service | (14): advisory_confirm_url, source_secunia, source_sectracker, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence, countermeasure_name, countermeasure_date | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-2214 |
| 09/06/2019 | 6.2 | 5.6 | Sun Solaris Event Port API denial of service | (9): advisory_confirm_url, source_secunia, source_sectracker, source_vupen, source_cve_assigned, source_sectracker_date, source_sectracker_cause, advisory_disputed, advisory_reportconfidence | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-2135 |
| 09/06/2019 | 7.5 | 7.5 | Sun OpenSolaris Device Driver Memory Leak denial of service | (5): advisory_confirm_url, source_secunia, source_cve_assigned, vulnerability_discoverydate, countermeasure_name | Not Defined | Official Fix | 0.00 | CVE-2009-2137 |
| 09/06/2019 | 7.5 | 7.1 | Sun OpenSolaris TCP/IP Networking Stack-Based denial of service | (5): advisory_confirm_url, source_secunia, source_vupen, source_cve_assigned, vulnerability_discoverydate | Proof-of-Concept | Not Defined | 0.00 | CVE-2009-2136 |
| 09/06/2019 | 5.3 | 5.3 | Red Hat Enterprise Linux Crash denial of service | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, countermeasure_name, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2009-1887 |
| 09/06/2019 | 5.3 | 5.3 | IBM WebSphere Application Server IBM WebSphere Portal information disclosure | (6): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, countermeasure_date | Not Defined | Not Defined | 0.00 | CVE-2009-0899 |
| 09/06/2019 | 6.3 | 6.0 | Opera Web Browser Proxy Server cross site scripting | (5): source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2009-2059 |
| 09/06/2019 | 7.3 | 7.0 | Apple Safari memory corruption | (7): source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Official Fix | 0.00 | CVE-2009-2058 |
| 09/06/2019 | 7.3 | 6.6 | Novell GroupWise Session Management unknown vulnerability | (7): advisory_confirm_url, source_secunia, source_vupen, source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title | Proof-of-Concept | Official Fix | 0.00 | CVE-2009-1634 |
| 09/06/2019 | 8.4 | 8.4 | FreeBSD File Descriptors null privilege escalation | (3): vulnerability_discoverydate, source_osvdb, source_osvdb_title | Not Defined | Not Defined | 0.00 | CVE-2002-0820 |
| 09/06/2019 | 2.9 | 2.8 | FreeBSD pppd Symlink privilege escalation | (4): vulnerability_discoverydate, source_osvdb, source_osvdb_title, advisory_person_nickname | Proof-of-Concept | Not Defined | 0.00 | CVE-2002-0824 |
| 09/06/2019 | 5.9 | 5.9 | FreeBSD Fast File System Integer memory corruption | (2): vulnerability_discoverydate, advisory_person_nickname | Not Defined | Not Defined | 0.07 | CVE-2002-0829 |
| 09/06/2019 | 4.0 | 3.8 | FreeBSD Kqueue denial of service | (1): vulnerability_discoverydate | Proof-of-Concept | Not Defined | 0.00 | CVE-2002-0831 |
| 09/06/2019 | 5.9 | 5.9 | FreeBSD getpeername Integer memory corruption | (3): vulnerability_discoverydate, source_osvdb, source_osvdb_title | Not Defined | Not Defined | 0.07 | CVE-2002-0973 |
| 09/06/2019 | 4.0 | 4.0 | Apple Mac OS X LoginWindow information disclosure | (4): source_cve_assigned, vulnerability_discoverydate, source_osvdb, source_osvdb_title | Not Defined | Not Defined | 0.00 | CVE-2004-0622 |
