Updates January 2021

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 01/21/2021 | 7.8 | 6.7 | VirIT eXplorer Anti-Virus Driver VIAGLT64.SYS input validation | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.03 | CVE-2017-16237 |
| 01/21/2021 | 6.0 | 5.8 | OpenSSL x86_64 Montgomery Squaring bn_sqrx8x_internal information disclosure | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.21 | CVE-2017-3736 |
| 01/21/2021 | 5.3 | 5.3 | Cisco WebEx Meetings Server HTTP Header Reply information disclosure | (1): advisory_person_name | Not Defined | Not Defined | 0.21 | CVE-2017-12295 |
| 01/21/2021 | 4.4 | 4.4 | Cisco WebEx Meetings Server Web Interface cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.17 | CVE-2017-12294 |
| 01/21/2021 | 5.2 | 5.2 | Cisco Aironet PAF memory corruption | (1): advisory_person_name | Not Defined | Not Defined | 0.38 | CVE-2017-12283 |
| 01/21/2021 | 5.2 | 4.9 | Cisco Wireless LAN Controller ANQP memory corruption | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.38 | CVE-2017-12282 |
| 01/21/2021 | 6.9 | 6.9 | Cisco Aironet PEAP improper authentication | (1): advisory_person_name | Not Defined | Not Defined | 0.38 | CVE-2017-12281 |
| 01/21/2021 | 6.4 | 6.1 | Cisco Wireless LAN Controller CAPWAP memory corruption | (1): advisory_person_name | Not Defined | Official Fix | 0.29 | CVE-2017-12280 |
| 01/21/2021 | 4.3 | 4.3 | Cisco IOS Packet Memory information disclosure | (1): advisory_person_name | Not Defined | Not Defined | 0.42 | CVE-2017-12279 |
| 01/21/2021 | 5.3 | 5.0 | Cisco Wireless LAN Controller SNMP resource management | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.38 | CVE-2017-12278 |
| 01/21/2021 | 8.8 | 8.8 | Cisco Firepower 4100/Firepower 9300 Smart Licensing Manager command injection | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.38 | CVE-2017-12277 |
| 01/21/2021 | 7.2 | 6.8 | Cisco Prime Collaboration Provisioning SQL Database Interface input validation | (1): advisory_person_name | Not Defined | Official Fix | 0.42 | CVE-2017-12276 |
| 01/21/2021 | 5.8 | 5.6 | Cisco Wireless LAN Controller 802.11v input validation | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.42 | CVE-2017-12275 |
| 01/21/2021 | 5.4 | 5.4 | Cisco Aironet EAP input validation | (1): advisory_person_name | Not Defined | Not Defined | 0.45 | CVE-2017-12274 |
| 01/21/2021 | 5.4 | 5.4 | Cisco Aironet RF input validation | (1): advisory_person_name | Not Defined | Not Defined | 0.37 | CVE-2017-12273 |
| 01/21/2021 | 7.5 | 7.2 | Cisco Application Policy Infrastructure Controller Enterprise Module Firewall Configuration access control | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.37 | CVE-2017-12262 |
| 01/21/2021 | 6.5 | 6.3 | Cisco Identity Services Engine SSH access control | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.42 | CVE-2017-12261 |
| 01/21/2021 | 7.8 | 7.4 | Cisco Firepower 9300 command injection | (1): advisory_person_name | Proof-of-Concept | Not Defined | 0.38 | CVE-2017-12243 |
| 01/21/2021 | 6.4 | 5.8 | GraphicsMagick describe.c DescribeImage out-of-bounds read | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.54 | CVE-2017-16353 |
| 01/21/2021 | 7.5 | 6.8 | GraphicsMagick describe.c DescribeImage memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.54 | CVE-2017-16352 |
| 01/21/2021 | 6.5 | 6.3 | SchedMD Slurm access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.50 | CVE-2017-15566 |
| 01/21/2021 | 5.9 | 5.9 | IBM InfoSphere BigInsights cross site scripting | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.58 | CVE-2017-1554 |
| 01/21/2021 | 4.4 | 4.4 | IBM InfoSphere BigInsights Web UI cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.50 | CVE-2017-1553 |
| 01/21/2021 | 5.9 | 5.9 | IBM InfoSphere BigInsights Link cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.58 | CVE-2017-1552 |
| 01/21/2021 | 5.0 | 5.0 | IBM Jazz Reporting Service Report Builder information disclosure | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.41 | CVE-2017-1340 |
| 01/21/2021 | 5.3 | 5.3 | IBM OpenPages GRC Platform Web UI information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.38 | CVE-2017-1333 |
| 01/21/2021 | 6.5 | 6.5 | IBM OpenPages GRC Platform Web UI cross-site request forgery | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.53 | CVE-2017-1300 |
| 01/21/2021 | 4.4 | 4.4 | IBM OpenPages GRC Platform Web UI cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.38 | CVE-2017-1290 |
| 01/21/2021 | 5.3 | 5.1 | Apache Hive Policy Enforcement information disclosure | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.66 | CVE-2017-12625 |
| 01/21/2021 | 5.3 | 5.3 | IBM OpenPages GRC Platform Private API information disclosure | (1): advisory_person_name | Not Defined | Not Defined | 0.58 | CVE-2017-1148 |
| 01/21/2021 | 4.4 | 4.4 | IBM OpenPages GRC Platform Web UI cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.53 | CVE-2017-1147 |
| 01/21/2021 | 6.5 | 6.5 | Favorite Plugin cross-site request forgery | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.58 | CVE-2017-1000244 |
| 01/21/2021 | 5.3 | 5.3 | Favorite Plugin Permission Check permission | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.63 | CVE-2017-1000243 |
| 01/21/2021 | 3.3 | 3.3 | Git Client Plugin Temp File information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.45 | CVE-2017-1000242 |
| 01/21/2021 | 5.3 | 5.1 | WebKit/WebkitGTK+ UNIX IPC Layer input validation | (3): advisory_identifier, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.78 | CVE-2017-1000122 |
| 01/21/2021 | 8.5 | 8.2 | WebKit/WebkitGTK+ UNIX IPC Layer integer overflow | (3): advisory_identifier, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.70 | CVE-2017-1000121 |
| 01/21/2021 | 4.4 | 4.4 | IBM OpenPages GRC Platform Web UI cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.66 | CVE-2016-3048 |
| 01/21/2021 | 4.8 | 4.8 | Intel McAfee Network Data Loss Prevention Webserver information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.66 | CVE-2017-3934 |
| 01/21/2021 | 4.8 | 4.8 | Intel McAfee Network Data Loss Prevention XSS cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.83 | CVE-2017-3933 |
| 01/21/2021 | 8.2 | 7.8 | MongoDB networkMessageCompressors memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.79 | CVE-2017-15535 |
| 01/21/2021 | 8.5 | 8.2 | EMC Unisphere for VMAX Virtual Appliance access control | (1): advisory_person_name | Not Defined | Official Fix | 0.90 | CVE-2017-14375 |
| 01/21/2021 | 8.5 | 8.2 | HP ArcSight ESM/ArcSight ESM Express sql injection | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.87 | CVE-2017-14356 |
| 01/21/2021 | 8.5 | 8.5 | Korenix JetNet hard-coded credentials | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.78 | CVE-2017-14027 |
| 01/21/2021 | 8.5 | 8.5 | Korenix JetNet hard-coded credentials | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.66 | CVE-2017-14021 |
| 01/21/2021 | 7.5 | 7.2 | BitDefender Internet Security 2018 pdf.xmd integer overflow | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.62 | CVE-2017-10954 |
| 01/21/2021 | 7.9 | 7.6 | Foxit Reader print use after free | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.66 | CVE-2017-10947 |
| 01/21/2021 | 7.9 | 7.6 | Foxit Reader setItem use after free | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.67 | CVE-2017-10946 |
| 01/21/2021 | 7.9 | 7.6 | Foxit Reader app.alert use after free | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.78 | CVE-2017-10945 |
| 01/21/2021 | 5.6 | 5.3 | Foxit Reader ObjStm Object Parser information disclosure | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.62 | CVE-2017-10944 |
| 01/21/2021 | 5.4 | 5.1 | Foxit Reader PDF File information disclosure | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.70 | CVE-2017-10943 |
