Updates July 2020

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 07/31/2020 | 5.2 | 4.9 | awesome-support Plugin Information Message cross site scripting | (0) | Not Defined | Official Fix | 0.21 | CVE-2015-9317 |
| 07/31/2020 | 6.5 | 6.2 | user-domain-whitelist Plugin cross site request forgery | (0) | Not Defined | Official Fix | 0.00 | CVE-2014-10381 |
| 07/31/2020 | 6.5 | 6.2 | user-access-manager Plugin cross site request forgery | (0) | Not Defined | Official Fix | 0.07 | CVE-2011-5328 |
| 07/31/2020 | 5.0 | 4.5 | Oracle Java SE Libraries information disclosure | (21): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_oval_id, source_cve_nvd_published, source_nessus_id, source_nessus_name, source_nessus_filename, source_nessus_family, source_openvas_id, source_openvas_filename, source_openvas_title, source_openvas_family, source_exploitdb, source_securityfocus_date, source_securityfocus_class, advisory_person_name, exploit_availability, exploit_publicity, exploit_url | Proof-of-Concept | Official Fix | 0.00 | CVE-2016-2183 |
| 07/31/2020 | 4.2 | 4.1 | Oracle Java SE Java Mission Control memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2016-8328 |
| 07/31/2020 | 4.2 | 4.1 | Oracle Java SE Deployment memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3259 |
| 07/31/2020 | 4.3 | 4.1 | Oracle Java SE Networking memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.08 | CVE-2017-3261 |
| 07/31/2020 | 4.3 | 4.1 | Oracle Java SE Networking memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3231 |
| 07/31/2020 | 5.3 | 5.1 | Oracle Java SE Networking memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.08 | CVE-2016-5552 |
| 07/31/2020 | 5.3 | 5.1 | Oracle Java SE Libraries denial of service | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name | Not Defined | Official Fix | 0.00 | CVE-2016-5547 |
| 07/31/2020 | 5.3 | 5.1 | Oracle Java SE Java Mission Control memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3262 |
| 07/31/2020 | 5.2 | 5.0 | Oracle Java SE JAAS memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3252 |
| 07/31/2020 | 5.8 | 5.5 | Oracle Java SE Libraries memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.08 | CVE-2016-5548 |
| 07/31/2020 | 5.8 | 5.5 | Oracle Java SE Libraries memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2016-5549 |
| 07/31/2020 | 6.8 | 6.5 | Oracle Java SE Libraries memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2016-5546 |
| 07/31/2020 | 6.8 | 6.5 | Oracle Java SE 2D denial of service | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name | Not Defined | Official Fix | 0.00 | CVE-2017-3253 |
| 07/31/2020 | 7.9 | 7.5 | Oracle Java SE AWT memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3260 |
| 07/31/2020 | 8.8 | 8.4 | Oracle Java SE Hotspot memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3289 |
| 07/31/2020 | 8.8 | 8.4 | Oracle Java SE Libraries memory corruption | (8): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_company_name, vulnerability_class | Not Defined | Official Fix | 0.00 | CVE-2017-3272 |
| 07/31/2020 | 6.4 | 6.4 | Wireshark DHCPv6 Dissector packet-dhcpv6.c Loop denial of service | (7): advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, countermeasure_name, countermeasure_date | Not Defined | Official Fix | 0.00 | CVE-2017-5597 |
| 07/31/2020 | 7.0 | 6.3 | Pagekit CMS Debug Toolbar Password privilege escalation | (7): source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, exploit_availability, exploit_publicity, exploit_url | Proof-of-Concept | Official Fix | 0.00 | CVE-2017-5594 |
| 07/31/2020 | 8.5 | 8.2 | Autodesk FBX-SDK 3DS File Converter memory corruption | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_name | Not Defined | Official Fix | 0.00 | CVE-2016-9307 |
| 07/31/2020 | 8.5 | 8.2 | Autodesk FBX-SDK DAE File Converter memory corruption | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_name | Not Defined | Official Fix | 0.00 | CVE-2016-9306 |
| 07/31/2020 | 9.8 | 9.4 | Autodesk FBX-SDK FBX File Converter uninitialized Pointer Data Processing Error | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_name | Not Defined | Official Fix | 0.00 | CVE-2016-9305 |
| 07/31/2020 | 7.5 | 7.2 | Autodesk FBX-SDK DFX File Converter memory corruption | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_name | Not Defined | Official Fix | 0.00 | CVE-2016-9304 |
| 07/31/2020 | 8.5 | 8.2 | Autodesk FBX-SDK FBX File memory corruption | (7): advisory_confirm_url, source_cve_assigned, vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class, advisory_person_name | Not Defined | Official Fix | 0.04 | CVE-2016-9303 |
| 07/31/2020 | 8.5 | 8.2 | Microsoft Windows Remote Desktop Service privilege escalation | (2): advisory_confirm_url, source_cve_assigned | Not Defined | Official Fix | 0.00 | CVE-2019-1181 |
| 07/31/2020 | 6.8 | 6.8 | Roundcube Webmail Punycode spoofing | (1): advisory_url | Not Defined | Not Defined | 0.14 | CVE-2019-15237 |
| 07/31/2020 | 8.5 | 8.2 | Live555 Session ID createNewClientSessionWithId Use-After-Free memory corruption | (1): advisory_url | Not Defined | Official Fix | 0.00 | CVE-2019-15232 |
| 07/31/2020 | 7.3 | 7.3 | Webmin Backdoor privilege escalation | (1): vulnerability_cvss2_vuldb_av | Not Defined | Not Defined | 0.07 | CVE-2019-15231 |
| 07/31/2020 | 6.5 | 6.5 | Fuel CMS Admin Console cross site request forgery | (0) | Not Defined | Not Defined | 0.07 | CVE-2019-15229 |
| 07/31/2020 | 4.4 | 4.4 | Fuel CMS Admin Console cross site scripting | (0) | Not Defined | Not Defined | 0.00 | CVE-2019-15228 |
| 07/31/2020 | 6.4 | 6.4 | Envoy Path Header Memory Consumption denial of service | (0) | Not Defined | Not Defined | 0.00 | CVE-2019-15225 |
| 07/31/2020 | 8.5 | 8.5 | rest-client Gem Backdoor privilege escalation | (0) | Not Defined | Not Defined | 0.00 | CVE-2019-15224 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device driver.c NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15223 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device helper.c motu_microbookii NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15222 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device pcm.c NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15221 |
| 07/31/2020 | 4.4 | 4.2 | Linux Kernel USB Device p54usb.c Use-After-Free memory corruption | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15220 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device sisusb.c NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15219 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device smsusb.c NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15218 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device zr364xx.c NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15217 |
| 07/31/2020 | 3.5 | 3.3 | Linux Kernel USB Device yurex.c NULL Pointer Dereference denial of service | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15216 |
| 07/31/2020 | 4.4 | 4.2 | Linux Kernel USB Device cpia2_usb.c Use-After-Free memory corruption | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15215 |
| 07/31/2020 | 5.8 | 5.6 | Linux Kernel Sound Subsystem init.c Use-After-Free memory corruption | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15214 |
| 07/31/2020 | 4.4 | 4.2 | Linux Kernel USB Device dvb-usb-init.c Use-After-Free memory corruption | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.22 | CVE-2019-15213 |
| 07/31/2020 | 4.4 | 4.2 | Linux Kernel USB Device rio500.c Double-Free memory corruption | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15212 |
| 07/31/2020 | 4.4 | 4.2 | Linux Kernel USB Device v4l2-dev.c Use-After-Free memory corruption | (2): advisory_url, advisory_confirm_url | Not Defined | Official Fix | 0.00 | CVE-2019-15211 |
| 07/31/2020 | 5.3 | 5.3 | Lenovo LenovoEMC NAS API information disclosure | (0) | Not Defined | Not Defined | 0.00 | CVE-2019-6178 |
| 07/31/2020 | 6.5 | 6.5 | Lenovo ThinkPad BIOS privilege escalation | (0) | Not Defined | Not Defined | 0.00 | CVE-2019-6171 |
| 07/31/2020 | 6.5 | 6.5 | Lenovo PaperDisplay Hotkey Service DLL Loader privilege escalation | (0) | Not Defined | Workaround | 0.00 | CVE-2019-6165 |
