Updates August 2020

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories shows how affected software is distributed and which software types are affected most.

Product

Grouping vulnerabilities by product gives an overview that makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous one.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. Distinguishing the level and quality of exploitability helps to determine the simplicity and strength of possible attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal ("temp") scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, the availability of alternative exploits and the availability of countermeasures. These dynamic aspects can decrease exploit prices over time, under certain circumstances very quickly.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 08/31/2020 | 8.5 | 8.2 | SageCRM Component Manager aspshell.asp 7pk security | (5): vulnerability_discoverydate, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2017-5219 |
| 08/31/2020 | 7.8 | 7.8 | Samsung Phone msm_sensor.c msm_sensor_config input validation | (4): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title | Not Defined | Not Defined | 0.00 | CVE-2016-4038 |
| 08/31/2020 | 5.2 | 5.2 | Exphox WebRadar cross site scripting | (6): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.05 | CVE-2016-8922 |
| 08/31/2020 | 8.5 | 8.2 | Botan BER Data integer overflow | (8): vulnerability_discoverydate, advisory_confirm_url, countermeasure_name, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.08 | CVE-2016-9132 |
| 08/31/2020 | 8.6 | 8.1 | Radisys MRF Web Portal SWMS ms.cgi os command injection | (6): vulnerability_discoverydate, exploit_availability, exploit_publicity, exploit_url, source_cve_assigned, source_osvdb_title | Proof-of-Concept | Not Defined | 0.00 | CVE-2016-10043 |
| 08/31/2020 | 6.7 | 6.1 | Sophos Web Appliance Web Admin Interface MgrReport.php shell_exec command injection | (8): advisory_confirm_url, exploit_availability, exploit_publicity, exploit_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.00 | CVE-2016-9553 |
| 08/31/2020 | 6.4 | 6.1 | EMC Data Protection Advisor path traversal | (7): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-8211 |
| 08/31/2020 | 6.5 | 6.3 | CA Common Services input validation | (7): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.05 | CVE-2016-9795 |
| 08/31/2020 | 5.8 | 5.6 | EMC Documentum D2 DQL command injection | (7): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2016-9873 |
| 08/31/2020 | 5.2 | 4.9 | EMC Documentum D2 Reflected cross site scripting | (7): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-9872 |
| 08/31/2020 | 7.3 | 7.0 | EMC RecoverPoint command injection | (7): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.05 | CVE-2016-6649 |
| 08/31/2020 | 6.3 | 6.0 | EMC Data Domain DD access control | (6): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-8216 |
| 08/31/2020 | 4.2 | 4.0 | EMC RecoverPoint permission | (7): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-6648 |
| 08/31/2020 | 8.3 | 7.5 | Apple iOS Kernel host_self_trap use after free | (6): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.00 | CVE-2017-2360 |
| 08/31/2020 | 6.9 | 6.6 | Apple iOS libarchive memory corruption | (6): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-8687 |
| 08/31/2020 | 7.5 | 6.8 | Apple tvOS WebKit memory corruption | (7): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.00 | CVE-2017-2369 |
| 08/31/2020 | 7.4 | 7.1 | Ikiwiki Git Revert access control | (5): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title | Not Defined | Official Fix | 0.00 | CVE-2016-10026 |
| 08/31/2020 | 7.8 | 7.0 | Apple iOS Kernel memory corruption | (6): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.00 | CVE-2017-2370 |
| 08/31/2020 | 5.4 | 4.9 | Apple tvOS WebKit information disclosure | (10): vulnerability_discoverydate, advisory_person_nickname, advisory_confirm_url, exploit_availability, exploit_publicity, exploit_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.00 | CVE-2017-2363 |
| 08/31/2020 | 8.5 | 8.2 | GnuTLS OpenPGP Certificate memory corruption | (7): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 1.15 | CVE-2017-5337 |
| 08/31/2020 | 8.5 | 8.2 | GnuTLS OpenPGP Certificate memory corruption | (7): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.22 | CVE-2017-5336 |
| 08/31/2020 | 7.4 | 7.1 | GnuTLS OpenPGP Certificate out-of-bounds read | (7): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 1.46 | CVE-2017-5335 |
| 08/31/2020 | 6.9 | 6.6 | Docker File Descriptor race condition | (7): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2016-9962 |
| 08/31/2020 | 7.4 | 7.1 | libpng png_set_text_2 null pointer dereference | (6): vulnerability_discoverydate, countermeasure_date, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.05 | CVE-2016-10087 |
| 08/31/2020 | 6.4 | 5.6 | Sandstorm Cap'n Proto Compiler Optimization input validation | (4): vulnerability_discoverydate, advisory_confirm_url, countermeasure_date, source_osvdb_title | Not Defined | Official Fix | 0.00 | CVE-2017-7892 |
| 08/31/2020 | 8.0 | 7.7 | MantisBT verify.php weak password recovery | (7): vulnerability_discoverydate, exploit_availability, exploit_publicity, exploit_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | High | Official Fix | 0.05 | CVE-2017-7615 |
| 08/31/2020 | 5.2 | 5.2 | sourcebans-pp admin.comms.php cross site scripting | (4): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.08 | CVE-2017-7891 |
| 08/31/2020 | 4.4 | 4.4 | IBM Financial Transaction Manager Web UI cross site scripting | (5): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2017-1160 |
| 08/31/2020 | 3.5 | 3.5 | Cybozu Office File Download Reflected access control | (4): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2016-4874 |
| 08/31/2020 | 5.3 | 5.3 | Cybozu Office Project permission | (5): vulnerability_discoverydate, advisory_person_name, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2016-4873 |
| 08/31/2020 | 4.3 | 4.3 | Cybozu Office Breadcrumb Trail information disclosure | (5): vulnerability_discoverydate, advisory_person_name, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 1.32 | CVE-2016-4872 |
| 08/31/2020 | 5.4 | 5.4 | Cybozu Office resource management | (4): vulnerability_discoverydate, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.05 | CVE-2016-4871 |
| 08/31/2020 | 4.4 | 4.4 | Cybozu Office Schedule cross site scripting | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | 1.26 | CVE-2016-4870 |
| 08/31/2020 | 5.9 | 5.9 | Cybozu Office information disclosure | (5): vulnerability_discoverydate, advisory_person_name, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.04 | CVE-2016-4869 |
| 08/31/2020 | 4.3 | 4.3 | Cybozu Office Project information disclosure | (5): vulnerability_discoverydate, advisory_person_name, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2016-4867 |
| 08/31/2020 | 3.6 | 3.6 | Cybozu Office Project cross site scripting | (5): vulnerability_discoverydate, advisory_person_name, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2016-4866 |
| 08/31/2020 | 3.6 | 3.6 | Cybozu Office Customapp cross site scripting | (5): vulnerability_discoverydate, advisory_person_name, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.94 | CVE-2016-4865 |
| 08/31/2020 | 4.4 | 4.4 | IBM Cognos TM1 cross site scripting | (5): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.08 | CVE-2016-3038 |
| 08/31/2020 | 5.0 | 5.0 | IBM Cognos TM1 Service information disclosure | (5): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 1.24 | CVE-2016-3037 |
| 08/31/2020 | 7.4 | 7.4 | IBM Cognos TM1 memory corruption | (5): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.00 | CVE-2016-3036 |
| 08/31/2020 | 5.9 | 5.9 | IBM Marketing Platform redirect | (6): vulnerability_discoverydate, advisory_person_name, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.04 | CVE-2016-0228 |
| 08/31/2020 | 5.2 | 4.7 | AXIS Network Camera cross site scripting | (5): vulnerability_discoverydate, advisory_person_nickname, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Not Defined | 0.10 | CVE-2015-8256 |
| 08/31/2020 | 6.2 | 5.9 | Artifex jbig2dec jbig2_symbol_dict.c jbig2_decode_symbol_dict integer overflow | (6): vulnerability_discoverydate, countermeasure_name, countermeasure_date, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.09 | CVE-2017-7885 |
| 08/31/2020 | 8.5 | 8.2 | VMware vCenter Server BlazeDS deserialization | (6): vulnerability_discoverydate, advisory_confirm_url, source_cve_assigned, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.16 | CVE-2017-5641 |
| 08/31/2020 | 8.5 | 8.2 | LibreOffice hwpfile.cxx TagsRead out-of-bounds write | (6): vulnerability_discoverydate, advisory_company_name, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.00 | CVE-2017-7882 |
| 08/31/2020 | 6.5 | 6.5 | BigTree CMS CSRF Protection cross-site request forgery | (2): vulnerability_discoverydate, source_osvdb_title | Not Defined | Not Defined | 0.04 | CVE-2017-7881 |
| 08/31/2020 | 6.4 | 5.9 | flatCore Content Database sql injection | (3): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title | Not Defined | Not Defined | 0.00 | CVE-2017-7879 |
| 08/31/2020 | 7.5 | 7.0 | flatCore User Database sql injection | (3): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title | Not Defined | Not Defined | 0.18 | CVE-2017-7878 |
| 08/31/2020 | 6.5 | 6.0 | flatCore CMS Configuration cross-site request forgery | (5): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 1.09 | CVE-2017-7877 |
| 08/31/2020 | 5.2 | 4.6 | trollepierre tdm Reflected cross site scripting | (3): vulnerability_discoverydate, advisory_confirm_url, source_osvdb_title | Not Defined | Official Fix | 0.00 | CVE-2017-7871 |
