Updates 01/10/2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 05:19 PM | 6.7 | 6.7 | IBM QRadar Network Security xml external entity reference | (1): advisory_person_name | Not Defined | Not Defined | 0.34 | CVE-2017-1458 |
| 05:10 PM | 5.2 | 5.2 | IBM QRadar Network Security Web UI cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.17 | CVE-2017-1457 |
| 05:03 PM | 4.4 | 4.2 | Linux Kernel atyfb_base.c atyfb_ioctl Kernel Memory information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.51 | CVE-2017-14156 |
| 05:00 PM | 7.5 | 7.2 | OpenJPEG tcd.c opj_tcd_code_block_enc_allocate_data memory corruption | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.26 | CVE-2017-14151 |
| 04:56 PM | 4.4 | 4.2 | Linux Kernel migrate.c move_pages information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.51 | CVE-2017-14140 |
| 04:50 PM | 5.4 | 5.4 | IBM Notes Dialog Box access control | (1): advisory_person_name | High | Not Defined | 0.60 | CVE-2017-1130 |
| 04:42 PM | 5.4 | 5.4 | IBM Notes Link access control | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | High | Not Defined | 0.60 | CVE-2017-1129 |
| 04:36 PM | 6.5 | 6.5 | IBM Emptoris Strategic Supply Management cross-site request forgery | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.43 | CVE-2017-1097 |
| 04:33 PM | 7.5 | 7.2 | Apache Hadoop YARN NodeManager Password information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.34 | CVE-2016-3086 |
| 04:30 PM | 8.1 | 7.8 | Palo Alto PAN-OS xml external entity reference | (3): source_cve_nvd_summary, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.51 | CVE-2017-9458 |
| 04:27 PM | 5.7 | 5.4 | Palo Alto PAN-OS GlobalProtect Interface cross site scripting | (2): source_cve_nvd_summary, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.34 | CVE-2017-12416 |
| 04:25 PM | 5.9 | 5.7 | GNU binutils libbfd elf-attrs.c bfd_elf_parse_attributes memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.26 | CVE-2017-14130 |
| 04:23 PM | 5.9 | 5.7 | GNU binutils libbfd dwarf2.c read_section memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.26 | CVE-2017-14129 |
| 04:17 PM | 5.9 | 5.7 | GNU binutils libbfd dwarf2.c decode_line_info memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.26 | CVE-2017-14128 |
| 04:14 PM | 6.6 | 6.5 | AT&T U-verse IP Passthrough Mode improper authentication | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Workaround | 0.51 | CVE-2017-14117 |
| 04:08 PM | 7.7 | 7.5 | AT&T U-verse IP Passthrough Mode hard-coded credentials | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Workaround | 0.50 | CVE-2017-14116 |
| 04:06 PM | 7.7 | 7.5 | AT&T U-verse IP Passthrough Mode access control | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Workaround | 0.43 | CVE-2017-14115 |
| 04:01 PM | 7.7 | 7.5 | AT&T U-verse IP Passthrough Mode sbdc.ha information disclosure | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Workaround | 0.42 | CVE-2017-10793 |
| 03:55 PM | 6.4 | 6.1 | Digium Asterisk PJSIP Channel Driver input validation | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.43 | CVE-2017-14098 |
| 03:48 PM | 5.4 | 5.1 | Red Hat Certificate Server input validation | (3): source_cve_cna, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.75 | CVE-2017-7509 |
| 03:44 PM | 8.5 | 7.7 | Intel McAfee Live Safe/McAfee Security Scan Plus HTTP Backend code injection | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.67 | CVE-2017-3897 |
| 03:38 PM | 5.5 | 5.3 | Linux Kernel tcp.c __tcp_disconnect divide by zero | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.58 | CVE-2017-14106 |
| 03:33 PM | 6.4 | 6.1 | QEMU socket.c ifq_so use after free | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.60 | CVE-2017-13711 |
| 03:26 PM | 7.8 | 7.8 | Symantec ProxyClient access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.83 | CVE-2017-13674 |
| 03:20 PM | 4.4 | 4.2 | QEMU VGA Display Emulator out-of-bounds read | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.83 | CVE-2017-13672 |
| 03:17 PM | 5.9 | 5.2 | ImageMagick BMP File bmp.c ReadBMPImage resource management | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.94 | CVE-2017-12693 |
| 03:10 PM | 5.9 | 5.2 | ImageMagick viff File viff.c ReadVIFFImage resource management | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.75 | CVE-2017-12692 |
| 03:05 PM | 5.9 | 5.2 | ImageMagick xcf.c ReadOneLayer resource management | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.75 | CVE-2017-12691 |
| 02:57 PM | 6.5 | 6.2 | RubyGems GEM Install DNS access control | (1): advisory_person_name | Not Defined | Official Fix | 0.94 | CVE-2017-0902 |
| 02:50 PM | 7.0 | 6.3 | RubyGems Specification Name Validator File input validation | (1): advisory_person_name | Proof-of-Concept | Official Fix | 0.77 | CVE-2017-0901 |
| 02:39 PM | 6.4 | 6.1 | RubyGems Query Command input validation | (1): advisory_person_name | Not Defined | Official Fix | 0.77 | CVE-2017-0900 |
| 02:31 PM | 8.0 | 7.7 | RubyGems gem code injection | (1): advisory_person_name | Not Defined | Official Fix | 1.03 | CVE-2017-0899 |
| 02:20 PM | 7.3 | 7.3 | ALC Liebert SiteScan Web Version/WebCTRL/Carrier i-Vu XML Parser xml external entity reference | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.94 | CVE-2016-5795 |
| 02:13 PM | 5.8 | 5.3 | Soplanning Install code injection | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Not Defined | 0.83 | CVE-2014-8677 |
| 02:07 PM | 5.3 | 4.8 | Soplanning file_get_contents path traversal | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Not Defined | 0.83 | CVE-2014-8676 |
| 02:04 PM | 6.5 | 5.9 | Soplanning ICAL Link Brute Force information disclosure | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Not Defined | 0.86 | CVE-2014-8675 |
| 02:01 PM | 5.2 | 5.2 | IBM Emptoris Sourcing redirect | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.60 | CVE-2017-1450 |
| 01:58 PM | 4.4 | 4.4 | IBM Emptoris Sourcing redirect | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.47 | CVE-2017-1449 |
| 01:51 PM | 4.4 | 4.4 | IBM Emptoris Sourcing Web UI cross site scripting | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.54 | CVE-2017-1447 |
| 01:47 PM | 4.4 | 4.4 | IBM Emptoris Sourcing Web UI cross site scripting | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.54 | CVE-2017-1444 |
| 01:42 PM | 7.5 | 7.2 | Ruby generator.c Memory memory corruption | (1): advisory_person_name | Not Defined | Official Fix | 0.75 | CVE-2017-14064 |
| 01:35 PM | 6.1 | 5.9 | Linux Kernel qla_attr.c qla2x00_sysfs_write_optrom_ctl integer overflow | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.77 | CVE-2017-14051 |
| 01:32 PM | 4.4 | 4.4 | IBM Emptoris Spend Analysis Web UI cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.46 | CVE-2017-1446 |
| 01:22 PM | 4.4 | 4.4 | IBM Emptoris Spend Analysis Web UI cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.68 | CVE-2017-1445 |
| 01:14 PM | 5.2 | 5.2 | IBM Emptoris Services Procurement Web UI cross site scripting | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.69 | CVE-2017-1443 |
| 01:11 PM | 6.5 | 6.5 | IBM Emptoris Services Procurement cross-site request forgery | (2): source_xforce, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 1.34 | CVE-2017-1442 |
| 01:08 PM | 4.4 | 4.4 | IBM Emptoris Services Procurement Stored access control | (1): advisory_person_name | Not Defined | Not Defined | 1.17 | CVE-2017-1441 |
| 01:03 PM | 7.5 | 7.5 | IBM Emptoris Services Procurement access control | (1): advisory_person_name | Not Defined | Not Defined | 0.99 | CVE-2017-1440 |
| 12:55 PM | 7.3 | 7.3 | Siemens SIMATIC Wincc Runtime Foundation tcp xml external entity reference | (1): advisory_person_name | Not Defined | Not Defined | 1.19 | CVE-2017-12069 |
| 12:48 PM | 4.7 | 4.5 | Apache Hadoop HDFS information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 1.00 | CVE-2016-5001 |
