Updates November 2019

Timeline

Analysing the timeline helps to identify the approach required for handling single vulnerabilities and vulnerability collections. The overview shows less important periods and more severe hotspots at a glance, so that immediate vulnerability response and the prioritization of issues can be initiated.

Type »

The moderation team works with the threat intelligence team to categorize software affected by security vulnerabilities. Grouping entries by these categories shows which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview of the affected landscape. It shows whether a landscape is homogeneous or, in a heterogeneous landscape, where the most important hotspots are.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation (an official fix, a temporary fix or a workaround, for example), which influence the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability (whether, for example, only a proof-of-concept or a functional exploit exists) indicate how simple and how strong an attack is.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability that are constant over time and across user environments. Our meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

CVSS temporal scores reflect the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level and report confidence. We also provide a meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our algorithm estimates the 0-day price of an exploit, that is its value before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease the exploit price over time, under certain circumstances very quickly.

| Updated | Base | Temp | Vulnerability | Changed fields | Exploitability | Remediation | CVE |
|---|---|---|---|---|---|---|---|
| 11/30/2019 | 6.5 | 6.5 | Paessler PRTG Network Monitor privilege escalation | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15917 |
| 11/30/2019 | 4.5 | 4.3 | Ignite Realtime Openfire Server Admin Console setup-host-settings.jsp cross site request forgery | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Official Fix | CVE-2017-15911 |
| 11/30/2019 | 8.5 | 8.5 | phpCollab newsdesk.php sql injection | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15907 |
| 11/30/2019 | 6.4 | 6.1 | London Trust Media Private Internet Access VPN Server List File Crash denial of service | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Official Fix | CVE-2017-15882 |
| 11/30/2019 | 6.5 | 6.5 | Thornberry NDoc Log File Cleartext information disclosure | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15366 |
| 11/30/2019 | 5.2 | 5.2 | IBM Tivoli Endpoint Manager Web UI cross site scripting | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1521 |
| 11/30/2019 | 3.3 | 3.2 | GlusterFS gf_attach.c send_brick_req denial of service | (4): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, countermeasure_date | Not Defined | Official Fix | CVE-2017-15096 |
| 11/30/2019 | 5.7 | 5.7 | IBM Tivoli Endpoint Manager Cleartext weak encryption | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1232 |
| 11/30/2019 | 5.3 | 5.3 | IBM Tivoli Endpoint Manager Random Number Generator information disclosure | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1230 |
| 11/30/2019 | 3.7 | 3.7 | IBM Tivoli Endpoint Manager Secure Cookie weak encryption | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1228 |
| 11/30/2019 | 4.3 | 4.3 | IBM Tivoli Endpoint Manager Error Log information disclosure | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1226 |
| 11/30/2019 | 5.3 | 5.3 | IBM Tivoli Endpoint Manager URL History information disclosure | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1225 |
| 11/30/2019 | 6.9 | 6.9 | IBM Tivoli Endpoint Manager privilege escalation | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1222 |
| 11/30/2019 | 5.3 | 5.3 | IBM Tivoli Endpoint Manager information disclosure | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-1220 |
| 11/30/2019 | 6.7 | 6.7 | KeyCloak Oauth privilege escalation | (4): vulnerability_discoverydate, source_osvdb_title, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-12160 |
| 11/30/2019 | 5.5 | 5.5 | KeyCloak CSRF Prevention privilege escalation | (6): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-12159 |
| 11/30/2019 | 4.4 | 4.4 | KeyCloak Admin Console Reflected cross site scripting | (6): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-12158 |
| 11/30/2019 | 8.5 | 7.7 | Tapatalk Plugin XMLRPC API unsubscribe_forum.php sql injection | (2): vulnerability_discoverydate, source_osvdb_title | Proof-of-Concept | Official Fix | CVE-2014-2023 |
| 11/30/2019 | 8.5 | 8.2 | D-Link DGS-1500 Ax Default Credentials weak authentication | (3): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title | Not Defined | Official Fix | CVE-2017-15909 |
| 11/30/2019 | 5.3 | 4.7 | OpenSSH Readonly Mode sftp-server.c process_open privilege escalation | (8): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_name, advisory_company_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-15906 |
| 11/30/2019 | 7.3 | 7.0 | Xen Grant Copy denial of service | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name | Not Defined | Official Fix | CVE-2017-15597 |
| 11/30/2019 | 7.5 | 7.5 | F5 BIG-IP Log ltm information disclosure | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-6165 |
| 11/30/2019 | 5.2 | 5.2 | AXIS 2100 Network Camera Administration Portal view.shtml cross site scripting | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15885 |
| 11/30/2019 | 4.4 | 4.4 | IBM Team Concert Web UI cross site scripting | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | CVE-2017-1363 |
| 11/30/2019 | 4.3 | 4.3 | IBM ESA DM CLM Application information disclosure | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | CVE-2017-1295 |
| 11/30/2019 | 6.5 | 6.3 | Advantech WebOP Project File Heap-based memory corruption | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Official Fix | CVE-2017-12705 |
| 11/30/2019 | 4.3 | 4.3 | IBM Jazz Foundation Stack-based information disclosure | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | CVE-2017-1241 |
| 11/30/2019 | 4.4 | 4.4 | IBM DOORS Next Generation Web UI cross site scripting | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | CVE-2017-1169 |
| 11/30/2019 | 4.4 | 4.4 | IBM Jazz Foundation Web UI cross site scripting | (5): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | CVE-2017-1164 |
| 11/30/2019 | 7.7 | 7.3 | cURL IMAP FETCH Response Out-of-Bounds memory corruption | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, countermeasure_date | Not Defined | Official Fix | CVE-2017-1000257 |
| 11/30/2019 | 3.6 | 3.4 | KeystoneJS cross site scripting | (4): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | CVE-2017-15881 |
| 11/30/2019 | 6.7 | 6.7 | EyesOfNetwork Web Interface add_modify_group.php sql injection | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15880 |
| 11/30/2019 | 7.5 | 6.2 | KeystoneJS CSV Export download.js privilege escalation | (6): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title, exploit_availability, exploit_publicity, exploit_url | Proof-of-Concept | Official Fix | CVE-2017-15879 |
| 11/30/2019 | 5.2 | 4.3 | KeystoneJS MarkdownType.js cross site scripting | (7): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, exploit_availability, exploit_publicity, exploit_url | Proof-of-Concept | Official Fix | CVE-2017-15878 |
| 11/30/2019 | 5.4 | 5.4 | BusyBox decompress_unlzma.c memory corruption | (9): source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-15874 |
| 11/30/2019 | 5.4 | 5.4 | BusyBox decompress_bunzip2.c get_next_block memory corruption | (14): vulnerability_discoverydate, source_osvdb_title, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_filename, source_openvas_title, source_openvas_family, source_securityfocus_date, source_securityfocus_class, advisory_person_nickname, countermeasure_name, countermeasure_date | Not Defined | Official Fix | CVE-2017-15873 |
| 11/30/2019 | 3.6 | 3.6 | phpwcms admin.edituser.tmpl.php cross site scripting | (3): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15872 |
| 11/30/2019 | 7.4 | 7.4 | serialize-to-js Package Access Restriction function() privilege escalation | (1): source_osvdb_title | Not Defined | Not Defined | CVE-2017-15871 |
| 11/30/2019 | 5.2 | 4.8 | user-login-history Plugin listing.php cross site scripting | (3): advisory_confirm_url, vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | CVE-2017-15867 |
| 11/30/2019 | 5.2 | 4.9 | wp-noexternallinks Plugin options-general.php cross site scripting | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Official Fix | CVE-2017-15863 |

Base and Temp are the CVSSv3 meta base and temporal scores of the entry; Changed fields gives the number and names of the entry fields updated on that date; Exploitability and Remediation use the same value names as the CVSS temporal metrics Exploit Code Maturity and Remediation Level.
