Updates 01/12/2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

UpdatedBaseTempVulnerabilityChangeExpRemCTICVE
11:18 AM6.05.7Microsoft Edge Scripting Engine memory corruption(2): source_sectracker, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.04CVE-2017-8738
11:12 AM4.94.7Microsoft Windows PDF Library memory corruption(1): advisory_person_nameNot DefinedOfficial Fix0.03CVE-2017-8737
11:02 AM3.02.9Microsoft Internet Explorer Domain information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.06CVE-2017-8736
10:49 AM5.04.7Microsoft Edge access control(1): advisory_person_nameNot DefinedOfficial Fix0.39CVE-2017-8735
10:37 AM6.05.4Microsoft Edge GetAt memory corruption(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.39CVE-2017-8734
10:33 AM5.04.7Microsoft Internet Explorer access control(3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.51CVE-2017-8733
10:29 AM5.04.5Microsoft Edge memory corruption(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.39CVE-2017-8731
10:23 AM6.05.4Microsoft Edge Scripting Engine memory corruption(1): advisory_person_nameProof-of-ConceptOfficial Fix0.34CVE-2017-8729
10:13 AM6.05.7Microsoft Windows PDF Library memory corruption(1): advisory_person_nameNot DefinedOfficial Fix0.28CVE-2017-8728
10:02 AM7.06.7Microsoft Publisher memory corruption(3): advisory_person_name, source_securityfocus_date, source_securityfocus_classNot DefinedOfficial Fix0.28CVE-2017-8725
09:54 AM5.04.7Microsoft Edge access control(1): advisory_person_nameNot DefinedOfficial Fix0.62CVE-2017-8724
09:47 AM5.04.7Microsoft Edge Content Security Policy 7pk security(1): advisory_person_nameNot DefinedOfficial Fix0.56CVE-2017-8723
09:40 AM7.87.5Microsoft Windows Graphics Win32k access control(1): advisory_person_nameNot DefinedOfficial Fix0.68CVE-2017-8720
09:31 AM4.03.8Microsoft Windows Kernel information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.29CVE-2017-8719
09:24 AM5.04.8Microsoft Windows Control Flow Guard 7pk security(3): advisory_person_name, source_securityfocus_date, source_securityfocus_classNot DefinedOfficial Fix0.51CVE-2017-8716
09:19 AM7.87.5Microsoft Windows Hyper-V input validation(1): advisory_person_nameNot DefinedOfficial Fix0.40CVE-2017-8714
09:08 AM5.14.9Microsoft Windows Hyper-V information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.46CVE-2017-8713
09:00 AM5.14.9Microsoft Windows Hyper-V information disclosure(3): advisory_person_name, source_securityfocus_date, source_securityfocus_classNot DefinedOfficial Fix0.69CVE-2017-8712
08:49 AM5.14.9Microsoft Windows Hyper-V information disclosure(3): advisory_person_name, source_securityfocus_date, source_securityfocus_classNot DefinedOfficial Fix0.68CVE-2017-8711
08:38 AM4.84.6Microsoft Windows MSC information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.74CVE-2017-8710
08:31 AM4.74.5Microsoft Windows Kernel information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.40CVE-2017-8709
08:20 AM4.74.2Microsoft Windows Kernel NtSetIoCompletion information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.46CVE-2017-8708
08:14 AM5.14.9Microsoft Windows Hyper-V information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.46CVE-2017-8707
08:01 AM5.14.9Microsoft Windows Hyper-V information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.40CVE-2017-8706
07:57 AM5.45.2Microsoft Windows Hyper-V input validation(3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.63CVE-2017-8704
07:54 AM6.56.2Microsoft Windows Error Reporting access control(1): advisory_person_nameNot DefinedOfficial Fix0.63CVE-2017-8702
07:43 AM6.15.9Microsoft Windows Shell input validation(2): source_sectracker, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.74CVE-2017-8699
07:40 AM7.57.2Microsoft Windows Uniscribe memory corruption(1): advisory_person_nameNot DefinedOfficial Fix1.03CVE-2017-8696
07:34 AM5.35.1Microsoft Windows Uniscribe information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.80CVE-2017-8695
07:27 AM5.85.6Microsoft Windows Uniscribe memory corruption(2): source_sectracker, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.63CVE-2017-8692
07:21 AM5.55.3Microsoft Windows GDI+ information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.68CVE-2017-8688
07:13 AM5.55.0Microsoft Windows Kernel Win32k NtGdiDoBanding information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.68CVE-2017-8687
07:10 AM9.89.4Microsoft Windows DHCP Service memory corruption(2): source_sectracker, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.57CVE-2017-8686
07:06 AM5.55.0Microsoft Windows GDI+ NtGdiEngCreatePalette information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.91CVE-2017-8685
07:01 AM5.55.0Microsoft Windows GDI+ NtGdiGetFontResourceInfoInternalW information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.57CVE-2017-8684
06:59 AM5.85.2Microsoft Windows Graphics Win32k fsc_CalcGrayRow information disclosure(3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.74CVE-2017-8683
06:56 AM8.57.7Microsoft Windows Graphics Win32k bGeneratePath input validation(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.74CVE-2017-8682
06:53 AM5.55.0Microsoft Windows Kernel Win32k NtGdiGetPhysicalMonitorDescription information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.51CVE-2017-8681
06:50 AM5.55.0Microsoft Windows Kernel Win32k NtGdiGetGlyphOutline information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.57CVE-2017-8680
06:44 AM5.55.3Microsoft Windows Kernel information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.68CVE-2017-8679
06:31 AM5.55.0Microsoft Windows Kernel Win32k NtQueryCompositionSurfaceBinding information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreProof-of-ConceptOfficial Fix0.74CVE-2017-8678
06:27 AM5.55.3Microsoft Windows GDI+ information disclosure(2): source_sectracker, vulnerability_cvss2_nvd_basescoreNot DefinedOfficial Fix0.69CVE-2017-8677
06:25 AM3.33.2Microsoft Windows GDI information disclosure(1): advisory_person_nameNot DefinedOfficial Fix0.69CVE-2017-8676
06:16 AM7.06.7Microsoft Windows Kernel-Mode Driver Win32k memory corruption(1): advisory_person_nameNot DefinedOfficial Fix0.74CVE-2017-8675

Do you know our Splunk app?

Download it now for free!