Updates January 2020

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, to initiate an immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 01/31/2020 | 6.5 | 6.5 | Hyland Perceptive Document Filters DOCX File use after free | (4): vulnerability_discoverydate, advisory_company_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.09 | CVE-2018-3844 |
| 01/31/2020 | 8.0 | 8.0 | IBM Security QRadar SIEM improper authentication | (4): vulnerability_discoverydate, exploit_availability, exploit_publicity, exploit_url | High | Not Defined | 0.37 | CVE-2018-1418 |
| 01/31/2020 | 4.9 | 4.7 | ovirt-engine API/Administration Web Portal Credentials credentials management | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2018-1074 |
| 01/31/2020 | 6.7 | 6.7 | D-Link DIR-615 traceroute input validation | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10431 |
| 01/31/2020 | 3.6 | 3.6 | DiliCMS index.php Stored cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10430 |
| 01/31/2020 | 8.5 | 8.5 | Cosmo Database Prefix Field install.php code injection | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.06 | CVE-2018-10429 |
| 01/31/2020 | 4.8 | 4.6 | Google Guava CompoundOrdering deserialization | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2018-10237 |
| 01/31/2020 | 6.4 | 6.1 | Microfocus IDM information disclosure | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2017-9284 |
| 01/31/2020 | 5.2 | 4.9 | NetIQ Identity Reporting cross site scripting | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Official Fix | 0.05 | CVE-2017-9275 |
| 01/31/2020 | 7.4 | 7.4 | Fortinet FortiClient inadequate encryption | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.04 | CVE-2017-17543 |
| 01/31/2020 | 5.2 | 5.2 | IBM Security QRadar SIEM Web UI cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.05 | CVE-2017-1724 |
| 01/31/2020 | 5.9 | 5.9 | IBM Security QRadar SIEM path traversal | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2017-1723 |
| 01/31/2020 | 6.3 | 6.3 | IBM Security QRadar SIEM Back-End Database sql injection | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.11 | CVE-2017-1722 |
| 01/31/2020 | 6.5 | 6.5 | IBM Security QRadar SIEM code injection | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.05 | CVE-2017-1721 |
| 01/31/2020 | 5.4 | 5.1 | Apache uimaj/uima-as/uimaFIT/uimaDUCC XML xml external entity reference | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2017-15691 |
| 01/31/2020 | 4.5 | 4.5 | GeniXCMS Menu cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2017-14740 |
| 01/31/2020 | 7.3 | 7.0 | SpiderControl Windows Browser uncontrolled search path | (4): vulnerability_discoverydate, advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2017-14010 |
| 01/31/2020 | 4.9 | 4.7 | puppet-swift Installation proxy-server.conf information disclosure | (4): vulnerability_discoverydate, advisory_confirm_url, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-9590 |
| 01/31/2020 | 6.5 | 6.5 | Centers for Disease Control and Prevention MicrobeTRACE CSV File code injection | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-9113 |
| 01/31/2020 | 6.5 | 6.5 | Centers for Disease Control and Prevention MicrobeTRACE CSV File code injection | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-8974 |
| 01/31/2020 | 5.5 | 5.5 | Shanghai 2345 Security Guard 2345MPCSafe.exe access control | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10425 |
| 01/31/2020 | 2.7 | 2.7 | miniCMS post-edit.php Path information disclosure | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10424 |
| 01/31/2020 | 2.7 | 2.7 | miniCMS post.php Directory information disclosure | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.05 | CVE-2018-10423 |
| 01/31/2020 | 3.6 | 3.6 | HongCMS Post News Stored cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10422 |
| 01/31/2020 | 7.4 | 7.1 | Xiph.Org libvorbis psy.c bark_noise_hybridmp memory corruption | (3): vulnerability_discoverydate, countermeasure_name, countermeasure_date | Not Defined | Official Fix | 0.05 | CVE-2018-10393 |
| 01/31/2020 | 8.0 | 7.7 | Xiph.Org libvorbis mapping0.c mapping0_forward memory corruption | (3): vulnerability_discoverydate, countermeasure_name, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2018-10392 |
| 01/31/2020 | 3.6 | 3.6 | WUZHI CMS cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10391 |
| 01/31/2020 | 8.5 | 8.5 | TunnelBear TunnelBearMaintenance Service OpenVPNConnect access control | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.05 | CVE-2018-10381 |
| 01/31/2020 | 5.2 | 5.2 | Mitel MiVoice Connect/ST/GA27 Conferencing api.php Reflected cross site scripting | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.00 | CVE-2018-9104 |
| 01/31/2020 | 5.2 | 5.2 | Mitel MiVoice Connect/ST/GA27 Conferencing signin.php Reflected cross site scripting | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.00 | CVE-2018-9103 |
| 01/31/2020 | 6.9 | 6.9 | Mitel MiVoice Connect/ST/GA27 Conferencing sql injection | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.00 | CVE-2018-9102 |
| 01/31/2020 | 7.5 | 7.5 | Mitel ST Conferencing unrestricted upload | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.00 | CVE-2017-16251 |
| 01/31/2020 | 5.2 | 5.2 | Mitel MiVoice Connect/ST/GA27 launch_presenter.php Reflected cross site scripting | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.00 | CVE-2018-9101 |
| 01/31/2020 | 6.5 | 6.5 | Advantech WebAccess HMI Designer out-of-bounds write | (5): vulnerability_discoverydate, advisory_person_name, advisory_company_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2018-8837 |
| 01/31/2020 | 6.5 | 6.5 | Advantech WebAccess HMI Designer pm3 File double free | (5): vulnerability_discoverydate, advisory_person_name, advisory_company_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2018-8835 |
| 01/31/2020 | 6.5 | 6.5 | Advantech WebAccess HMI Designer pm3 File memory corruption | (5): vulnerability_discoverydate, advisory_person_name, advisory_company_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2018-8833 |
| 01/31/2020 | 6.4 | 6.1 | GitLab Community Edition/Enterprise Edition Webhooks server-side request forgery | (2): vulnerability_discoverydate, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2018-8801 |
| 01/31/2020 | 4.4 | 4.0 | WSO2 Identity Server Dashboard cross site scripting | (4): vulnerability_discoverydate, exploit_availability, exploit_publicity, exploit_url | Proof-of-Concept | Official Fix | 0.00 | CVE-2018-8716 |
| 01/31/2020 | 6.5 | 6.5 | NetApp OnCommand Unified Manager Java Debug Wire Protocol access control | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Not Defined | 0.00 | CVE-2018-5486 |
| 01/31/2020 | 7.5 | 7.2 | SourceTree command injection | (2): vulnerability_discoverydate, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2018-5226 |
| 01/31/2020 | 4.4 | 4.4 | IBM Jazz Reporting Service Web UI cross site scripting | (3): vulnerability_discoverydate, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.05 | CVE-2018-1363 |
| 01/31/2020 | 4.4 | 4.2 | Apache Tika ChmParser resource management | (1): vulnerability_discoverydate | Not Defined | Official Fix | 0.05 | CVE-2018-1339 |
| 01/31/2020 | 4.4 | 4.2 | Apache Tika BPGParser resource management | (1): vulnerability_discoverydate | Not Defined | Official Fix | 0.00 | CVE-2018-1338 |
| 01/31/2020 | 8.0 | 7.7 | glusterfs Server auth.allow access control | (3): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2018-1112 |
| 01/31/2020 | 7.4 | 7.4 | SmartMesh transferProxy integer overflow | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.05 | CVE-2018-10376 |
| 01/31/2020 | 8.5 | 8.5 | DeDeCMS File Upload upload.helper.php unrestricted upload | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10375 |
| 01/31/2020 | 5.2 | 5.2 | EasyCMS Search Box cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10374 |
| 01/31/2020 | 5.9 | 5.9 | GNU binutils libbfd dwarf2.c concat_filename null pointer dereference | (7): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Not Defined | 0.04 | CVE-2018-10373 |
| 01/31/2020 | 6.4 | 6.4 | GNU binutils dwarf.c process_cu_tu_index memory corruption | (7): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class, source_openvas_filename, source_openvas_title, source_openvas_family | Not Defined | Not Defined | 0.00 | CVE-2018-10372 |
| 01/31/2020 | 3.6 | 3.6 | WUZHI CMS Extension Module Stored cross site scripting | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.00 | CVE-2018-10368 |
