Updates 01/09/2021

Timeline

The analysis of the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 08:50 PM | 6.5 | 6.5 | Westermo MRD-305-DIN/MRD-315/MRD-355/MRD-455 cross-site request forgery | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.54 | CVE-2017-12703 |
| 08:44 PM | 7.7 | 7.3 | python-kerberos checkPassword improper authentication | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.48 | CVE-2015-3206 |
| 08:39 PM | 6.4 | 5.7 | Linux Kernel sctp_diag.c sctp_get_sctp_info Memory out-of-bounds read | (1): source_cve_cna | Proof-of-Concept | Official Fix | 0.54 | CVE-2017-7558 |
| 08:28 PM | 5.4 | 5.2 | Linux Kernel Operand Cache nseval.c acpi_ns_evaluate information disclosure | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.60 | CVE-2017-13695 |
| 08:23 PM | 6.4 | 5.9 | tidy attrs.c IsURLCodePoint input validation | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.60 | CVE-2017-13692 |
| 08:16 PM | 7.5 | 7.5 | util-linux login-utils mkostemp access control | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.48 | CVE-2015-5224 |
| 08:10 PM | 7.5 | 7.5 | Foxit Reader applaunchURL access control | (3): source_cve_nvd_summary, vulnerability_cvss2_researcher_basescore, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.60 | CVE-2017-10951 |
| 08:07 PM | 8.0 | 8.0 | Foxit Reader JavaScript SaveAs input validation | (3): source_cve_nvd_summary, vulnerability_cvss2_researcher_basescore, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.48 | CVE-2017-10952 |
| 08:05 PM | 3.3 | 3.3 | IBM MaaS360 DTM information disclosure | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.12 | CVE-2017-1422 |
| 08:02 PM | 6.4 | 6.1 | GraphicsMagick svg.c GetStyleTokens memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.12 | CVE-2017-13064 |
| 07:58 PM | 5.4 | 4.7 | ImageMagick psd.c ReadPSDLayersInternal input validation | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.36 | CVE-2017-13061 |
| 07:52 PM | 9.9 | 8.7 | NoviWare novi_process_manager_daemon memory corruption | (12): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescore | Proof-of-Concept | Workaround | 0.47 | CVE-2017-12787 |
| 07:46 PM | 6.5 | 6.3 | Fortinet FortiManager CLI access control | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.30 | CVE-2015-3617 |
| 07:40 PM | 6.4 | 6.1 | Cloud Foundry CAPI Request File information disclosure | (2): source_securityfocus, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.12 | CVE-2017-8037 |
| 07:33 PM | 8.0 | 7.7 | Drupal CMS access control | (1): advisory_person_name | Not Defined | Official Fix | 0.47 | CVE-2017-6925 |
| 07:23 PM | 6.8 | 6.5 | Drupal CMS REST API privileges management | (1): source_cve_cna | Not Defined | Official Fix | 0.77 | CVE-2017-6924 |
| 07:16 PM | 6.4 | 6.1 | Drupal CMS Ajax Endpoint authorization | (1): source_cve_cna | Not Defined | Official Fix | 0.47 | CVE-2017-6923 |
| 07:06 PM | 6.5 | 6.3 | Linux Kernel super.c sanity_check_ckpt array index | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.59 | CVE-2017-10663 |
| 07:01 PM | 6.5 | 6.3 | Linux Kernel Segment Count super.c sanity_check_raw_super access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.47 | CVE-2017-10662 |
| 06:57 PM | 6.1 | 5.5 | Linux Kernel File Descriptor timerfd.c use after free | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.59 | CVE-2017-10661 |
| 06:50 PM | 5.7 | 5.5 | Google Android USB Driver use after free | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.53 | CVE-2017-9684 |
| 06:48 PM | 7.0 | 6.7 | Google Android Qualcomm Video Driver double free | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.48 | CVE-2017-8265 |
| 06:41 PM | 5.7 | 5.5 | Google Android use after free | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.47 | CVE-2017-8262 |
| 06:39 PM | 7.8 | 7.5 | Google Android Camera Driver access control | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.48 | CVE-2017-8261 |
| 06:32 PM | 7.8 | 7.5 | Google Android Type Downcast out-of-bounds write | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.47 | CVE-2017-8260 |
| 06:28 PM | 7.8 | 7.5 | Google Android sde_rotator Debug Interface access control | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.53 | CVE-2017-8257 |
| 06:23 PM | 7.5 | 7.2 | Google Android Qualcomm _mdss_fb_copy_destscaler_data use after free | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.48 | CVE-2017-7364 |
| 06:18 PM | 6.5 | 6.3 | Lenovo Active Protection System access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.53 | CVE-2017-3756 |
| 06:16 PM | 4.4 | 4.3 | Spring Batch Admin File Upload Stored cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.30 | CVE-2017-12882 |
| 06:09 PM | 6.5 | 6.2 | Spring Batch Admin cross-site request forgery | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.59 | CVE-2017-12881 |
| 06:03 PM | 6.5 | 6.3 | Google Android NAND Memory memory corruption | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.71 | CVE-2016-10389 |
| 05:56 PM | 5.7 | 5.7 | IBM WebSphere Application Server Web Services Security information disclosure | (1): advisory_person_name | Not Defined | Not Defined | 0.71 | CVE-2017-1501 |
| 05:46 PM | 4.4 | 4.4 | IBM DOORS Next Generation cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.65 | CVE-2017-1338 |
| 05:34 PM | 6.4 | 6.1 | LibTIFF tif_read.c TIFFFetchStripThing resource management | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 1.07 | CVE-2017-12944 |
| 05:30 PM | 7.5 | 7.2 | GraphicsMagick Exception Reporting wmf.c ReadWMFImage use after free | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 1.08 | CVE-2017-12936 |
| 05:27 PM | 7.5 | 7.2 | GraphicsMagick MNG Image png.c SetImageColorCallBack out-of-bounds read | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.66 | CVE-2017-12935 |
| 05:22 PM | 5.2 | 5.2 | ShoutBOX shoutbox.php cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.54 | CVE-2017-12680 |
| 05:15 PM | 6.5 | 6.5 | ToMAX R60G cross-site request forgery | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.77 | CVE-2017-12589 |
| 05:10 PM | 6.9 | 6.6 | OpenStack Ocata/Newton Aodh access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.66 | CVE-2017-12440 |
| 05:04 PM | 6.4 | 6.1 | strongSwan gmp Plugin null pointer dereference | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.94 | CVE-2017-11185 |
| 04:58 PM | 4.4 | 4.2 | Google Android Media Framework access control | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.53 | CVE-2017-0687 |
| 04:56 PM | 5.5 | 5.3 | Thales nShield Connect Signing Key access control | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.59 | CVE-2015-1878 |
| 04:51 PM | 7.4 | 7.1 | PHP var_unserializer.re zval_get_type use after free | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.72 | CVE-2017-12934 |
| 04:47 PM | 8.5 | 8.2 | PHP var_unserializer.re finish_nested_data memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.66 | CVE-2017-12933 |
| 04:42 PM | 8.5 | 8.2 | PHP var_unserializer.re use after free | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.59 | CVE-2017-12932 |
| 04:36 PM | 5.2 | 4.6 | Cacti spikekill.php cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.47 | CVE-2017-12927 |
| 04:33 PM | 6.5 | 6.5 | Hawtio cross-site request forgery | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.71 | CVE-2017-7556 |
| 04:28 PM | 8.5 | 8.2 | Augeas Escape String memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.65 | CVE-2017-7555 |
| 04:24 PM | 6.0 | 5.8 | Cisco TelePresence Video Communication Server Session Initiation Protocol resource management | (1): advisory_person_name | Not Defined | Official Fix | 0.77 | CVE-2017-6790 |
| 04:15 PM | 4.8 | 4.8 | Cisco Elastic Services Controller Log File information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 1.06 | CVE-2017-6786 |
