Updates 01/15/2021

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories helps to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 06:29 PM | 4.4 | 4.2 | Apple OS X/macOS Keychain Password access control | (2): source_cve_nvd_summary, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.00 | CVE-2017-7150 |
| 06:25 PM | 5.5 | 5.0 | Apple OS X/macOS Disk Utility Password information disclosure | (2): source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.04 | CVE-2017-7149 |
| 06:20 PM | 6.9 | 6.6 | libcURL FTP memory corruption | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.04 | CVE-2017-1000254 |
| 06:18 PM | 6.5 | 6.5 | Computerinsel PhotoLine GIF Parser memory corruption | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.02 | CVE-2017-2880 |
| 06:14 PM | 4.4 | 4.4 | IBM Content Navigator / CMIS Web UI cross site scripting | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.00 | CVE-2017-1522 |
| 06:12 PM | 6.6 | 5.8 | Google Go SMTP information disclosure | (5): advisory_person_name, source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.13 | CVE-2017-15042 |
| 06:08 PM | 8.5 | 7.5 | Google Go access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.13 | CVE-2017-15041 |
| 06:02 PM | 5.2 | 5.2 | HP UCMDB Foundation cross site scripting | (3): source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.13 | CVE-2017-14354 |
| 06:00 PM | 8.0 | 8.0 | HP UCMDB Foundation code injection | (3): source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.13 | CVE-2017-14353 |
| 05:53 PM | 8.5 | 7.7 | Trend Micro OfficeScan cgiShowClientAdm.exe memory corruption | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.18 | CVE-2017-14089 |
| 05:49 PM | 6.1 | 5.9 | Trend Micro OfficeScan tmwfp.sys memory corruption | (1): source_exploitdb | Proof-of-Concept | Official Fix | 0.45 | CVE-2017-14088 |
| 05:30 PM | 7.4 | 6.6 | Trend Micro OfficeScan Host Header input validation | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.49 | CVE-2017-14087 |
| 05:22 PM | 6.4 | 5.7 | Trend Micro OfficeScan fcgiOfcDDA.exe resource management | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.45 | CVE-2017-14086 |
| 05:16 PM | 5.3 | 4.8 | Trend Micro OfficeScan information disclosure | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.40 | CVE-2017-14085 |
| 05:13 PM | 6.8 | 6.2 | Trend Micro OfficeScan access control | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Proof-of-Concept | Official Fix | 0.40 | CVE-2017-14084 |
| 05:06 PM | 6.4 | 6.1 | Trend Micro OfficeScan Encryption File access control | (3): source_sectracker, exploit_price_0day, vulnerability_cvss2_nvd_basescore | High | Official Fix | 0.58 | CVE-2017-14083 |
| 05:03 PM | 5.3 | 5.1 | LOYTEC LVIS-3ME Credentials credentials management | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.58 | CVE-2017-13998 |
| 04:57 PM | 7.5 | 7.2 | LOYTEC LVIS-3ME Web User Interface path traversal | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.54 | CVE-2017-13996 |
| 04:54 PM | 4.8 | 4.6 | LOYTEC LVIS-3ME Web Interface cross site scripting | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.54 | CVE-2017-13994 |
| 04:47 PM | 7.2 | 6.8 | LOYTEC LVIS-3ME Random Number Generator entropy | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.63 | CVE-2017-13992 |
| 04:42 PM | 6.0 | 6.0 | IBM Tivoli Storage Manager Application Trace Credentials credentials management | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.67 | CVE-2017-1378 |
| 04:36 PM | 3.8 | 3.8 | IBM Tivoli Storage Manager Password information disclosure | (1): advisory_person_name | Not Defined | Not Defined | 0.67 | CVE-2017-1339 |
| 04:26 PM | 5.4 | 5.4 | IBM Spectrum Protect link following | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.72 | CVE-2017-1301 |
| 04:15 PM | 5.5 | 5.5 | GE CIMPLICITY Packet Length memory corruption | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.58 | CVE-2017-12732 |
| 04:11 PM | 5.5 | 5.5 | IBM BigFix Compliance Analytics Credentials credentials management | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.67 | CVE-2017-1201 |
| 04:06 PM | 7.5 | 7.5 | IBM Tivoli Storage Manager Authentication improper authentication | (3): source_xforce, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.67 | CVE-2016-8937 |
| 04:00 PM | 5.3 | 5.1 | Saia Burgess Controls PCD Controllers Ethernet Frame information disclosure | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.63 | CVE-2017-9628 |
| 03:56 PM | 6.8 | 6.8 | FreeBSD smb_subr.c smb_strdupin out-of-bounds read | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.63 | CVE-2017-15037 |
| 03:50 PM | 7.6 | 7.3 | IniNet Webserver improper authentication | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.63 | CVE-2017-13995 |
| 03:43 PM | 6.5 | 6.3 | i-SENS SmartLog Diabetes Management Software uncontrolled search path | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.72 | CVE-2017-13993 |
| 03:37 PM | 6.5 | 6.5 | SpiderControl SCADA Web Server Privileges access control | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.76 | CVE-2017-12728 |
| 03:33 PM | 6.4 | 6.4 | Cisco IOS XR gRPC memory corruption | (1): advisory_person_name | Not Defined | Not Defined | 0.76 | CVE-2017-12270 |
| 03:26 PM | 4.4 | 4.4 | Cisco Spark Messaging Web UI Stored cross site scripting | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.76 | CVE-2017-12269 |
| 03:22 PM | 5.9 | 5.8 | Cisco AnyConnect Secure Mobility Client Network Interface access control | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Workaround | 0.76 | CVE-2017-12268 |
| 03:16 PM | 5.3 | 5.3 | Cisco Wide Area Application Services ICA memory corruption | (3): advisory_person_name, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.67 | CVE-2017-12267 |
| 03:12 PM | 4.8 | 4.6 | Cisco Meeting App DLL Loader access control | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.81 | CVE-2017-12266 |
| 03:06 PM | 5.2 | 5.2 | Cisco ASA Web-based Management Interface cross site scripting | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.72 | CVE-2017-12265 |
| 02:57 PM | 5.3 | 5.3 | Cisco Meeting Server Web Admin Interface input validation | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.81 | CVE-2017-12264 |
| 02:51 PM | 6.4 | 6.4 | Cisco License Manager Web Interface path traversal | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.76 | CVE-2017-12263 |
| 02:46 PM | 5.2 | 5.2 | Cisco Unified Communications Manager Web UI cross site scripting | (1): advisory_person_name | Not Defined | Not Defined | 0.72 | CVE-2017-12258 |
| 02:37 PM | 5.2 | 5.2 | Cisco WebEx Meetings Server cross site scripting | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.72 | CVE-2017-12257 |
| 02:34 PM | 5.9 | 5.9 | Cisco Wide Area Application Services Akamai Connect data processing | (2): advisory_person_name, vulnerability_cvss2_nvd_basescore | Not Defined | Not Defined | 0.76 | CVE-2017-12256 |
| 02:30 PM | 6.9 | 6.6 | Cisco ASA resource management | (2): source_sectracker, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.63 | CVE-2017-12246 |
| 02:27 PM | 7.2 | 6.9 | Cisco Intrusion Prevention System Advanced Malware Protection input validation | (4): source_securityfocus_date, source_securityfocus_class, exploit_price_0day, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.67 | CVE-2017-12244 |
| 02:24 PM | 8.5 | 8.2 | Red Hat Enterprise Application Platform JBoss Application Server doFilter deserialization | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | High | Official Fix | 0.81 | CVE-2017-12149 |
| 02:19 PM | 8.3 | 7.5 | Linux Kernel load_elf_binary memory corruption | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Proof-of-Concept | Official Fix | 0.63 | CVE-2017-1000253 |
| 02:10 PM | 7.5 | 7.5 | ERPNext Frappe frappe.share.get_users sql injection | (12): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescore | Not Defined | Not Defined | 0.76 | CVE-2017-1000120 |
| 02:04 PM | 7.5 | 7.2 | Git SSH URL access control | (1): advisory_person_name | High | Official Fix | 0.85 | CVE-2017-1000117 |
| 01:55 PM | 8.5 | 8.2 | Mercurial SSH command injection | (4): advisory_person_name, source_securityfocus_date, source_securityfocus_class, vulnerability_cvss2_nvd_basescore | Not Defined | Official Fix | 0.72 | CVE-2017-1000116 |
| 01:49 PM | 3.7 | 3.7 | Jenkin Datadog Plugin information disclosure | (3): advisory_person_name, source_securityfocus_date, source_securityfocus_class | Not Defined | Not Defined | 0.67 | CVE-2017-1000114 |