Updates May 2020

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. The assignment of these categories illustrates which software types are most affected.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 05/31/2020 | 5.7 | 5.7 | Opera Web Browser RTL Address redirect | (5): vulnerability_discoverydate, advisory_person_name, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2016-6908 |
| 05/31/2020 | 6.8 | 6.3 | NullSoft WinAmp FLV File memory corruption | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.02 | CVE-2017-10725 |
| 05/31/2020 | 7.0 | 6.5 | NullSoft WinAmp FLV File memory corruption | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.04 | CVE-2017-10728 |
| 05/31/2020 | 7.0 | 6.5 | NullSoft WinAmp FLV File memory corruption | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.02 | CVE-2017-10727 |
| 05/31/2020 | 7.0 | 6.5 | NullSoft WinAmp FLV File memory corruption | (1): vulnerability_discoverydate | Not Defined | Not Defined | 0.03 | CVE-2017-10726 |
| 05/31/2020 | 4.4 | 4.2 | NASM labels.c null pointer dereference | (1): vulnerability_discoverydate | Proof-of-Concept | Not Defined | 0.00 | CVE-2018-16517 |
| 05/31/2020 | 9.0 | 8.1 | Oracle Access Manager Authentication Engine access control | (3): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned | Proof-of-Concept | Official Fix | 0.13 | CVE-2018-2879 |
| 05/31/2020 | 5.4 | 5.2 | Netwide Assembler preproc.c use after free | (3): vulnerability_discoverydate, countermeasure_name, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2017-17820 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS LDAP Authentication Password ldap injection | (3): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date | Not Defined | Official Fix | 0.05 | CVE-2017-14596 |
| 05/31/2020 | 4.7 | 4.5 | Joomla CMS information disclosure | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.08 | CVE-2017-14595 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS Installer certificate validation | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_securityfocus | Not Defined | Official Fix | 0.03 | CVE-2017-11364 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS CSRF Token cross site scripting | (6): vulnerability_discoverydate, advisory_confirm_url, countermeasure_name, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2017-9934 |
| 05/31/2020 | 6.4 | 6.1 | Joomla CMS Cache information disclosure | (6): vulnerability_discoverydate, countermeasure_name, countermeasure_date, source_cve_assigned, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2017-9933 |
| 05/31/2020 | 7.4 | 7.1 | Joomla CMS com_users access control | (1): vulnerability_discoverydate | Not Defined | Official Fix | 0.04 | CVE-2019-10946 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Media Form Field cross site scripting | (4): vulnerability_discoverydate, advisory_url, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-9714 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS Plugins access control | (2): vulnerability_discoverydate, advisory_url | Not Defined | Official Fix | 0.04 | CVE-2019-9713 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS com_config cross site scripting | (4): vulnerability_discoverydate, advisory_url, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-9712 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Edit View cross site scripting | (4): vulnerability_discoverydate, advisory_url, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.06 | CVE-2019-9711 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Core Components cross site scripting | (3): vulnerability_discoverydate, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-7744 |
| 05/31/2020 | 8.5 | 8.2 | Joomla CMS Protection Mechanism Object Injection injection | (4): vulnerability_discoverydate, advisory_url, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2019-7743 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Web Server Configuration cross site scripting | (1): vulnerability_discoverydate | Not Defined | Official Fix | 0.00 | CVE-2019-7742 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Global Configuration Stored cross site scripting | (3): vulnerability_discoverydate, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-7741 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS core.js writeDynaList cross site scripting | (3): vulnerability_discoverydate, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2019-7740 |
| 05/31/2020 | 5.8 | 5.6 | Joomla CMS Global Configuration input validation | (4): vulnerability_discoverydate, advisory_url, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.08 | CVE-2019-7739 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS mod_banners Stored cross site scripting | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-6264 |
| 05/31/2020 | 4.1 | 3.7 | Joomla CMS Global Configuration Stored cross site scripting | (9): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, exploit_availability, exploit_publicity, exploit_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.00 | CVE-2019-6263 |
| 05/31/2020 | 4.4 | 4.3 | Joomla CMS Global Configuration Stored cross site scripting | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-6262 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS com_contact Stored cross site scripting | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2019-6261 |
| 05/31/2020 | 5.3 | 5.1 | Joomla CMS com_contact 7pk security | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2018-17859 |
| 05/31/2020 | 6.5 | 6.2 | Joomla CMS com_installer cross-site request forgery | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2018-17858 |
| 05/31/2020 | 5.3 | 5.1 | Joomla CMS Tags Search access control | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2018-17857 |
| 05/31/2020 | 6.7 | 6.4 | Joomla CMS com_joomlaupdate input validation | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.06 | CVE-2018-17856 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS Registration access control | (6): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.08 | CVE-2018-17855 |
| 05/31/2020 | 8.5 | 8.2 | Joomla CMS InputFilter Upload unrestricted upload | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2018-15882 |
| 05/31/2020 | 7.4 | 7.1 | Joomla CMS ACL 7pk security | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.05 | CVE-2018-15881 |
| 05/31/2020 | 4.4 | 4.3 | Joomla CMS Profile Page Stored cross site scripting | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2018-15880 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS class_exists input validation | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.07 | CVE-2018-12712 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Media Manager cross site scripting | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2018-6378 |
| 05/31/2020 | 4.5 | 4.3 | Joomla CMS user-info cross site scripting | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2018-11328 |
| 05/31/2020 | 5.3 | 5.1 | Joomla CMS Permission information disclosure | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.04 | CVE-2018-11327 |
| 05/31/2020 | 3.6 | 3.4 | Joomla CMS cross site scripting | (6): vulnerability_discoverydate, advisory_person_name, advisory_company_name, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2018-11326 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS Web Install Application Password credentials management | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2018-11325 |
| 05/31/2020 | 5.9 | 5.7 | Joomla CMS Background Process race condition | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2018-11324 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS Permission access control | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.09 | CVE-2018-11323 |
| 05/31/2020 | 6.2 | 6.0 | Joomla CMS PHAR File unrestricted upload | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.08 | CVE-2018-11322 |
| 05/31/2020 | 6.4 | 6.1 | Joomla CMS com_fields input validation | (4): vulnerability_discoverydate, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.06 | CVE-2018-11321 |
| 05/31/2020 | 7.5 | 7.2 | Joomla CMS Notes List View sql injection | (9): vulnerability_discoverydate, advisory_confirm_url, advisory_disputed, countermeasure_name, countermeasure_date, source_securityfocus_date, source_securityfocus_class, source_sectracker_date, source_sectracker_cause | High | Official Fix | 0.06 | CVE-2018-8045 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Chromes cross site scripting | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.06 | CVE-2018-6380 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS Uri Class cross site scripting | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2018-6379 |
| 05/31/2020 | 5.2 | 4.9 | Joomla CMS com_fields cross site scripting | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2018-6377 |
