Updates June 2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Microsoft Internet Explorer: 174
Google Chrome: 156
Linux Kernel: 123
Microsoft Windows: 106
Google Android: 97

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 2879
Temporary Fix: 0
Workaround: 46
Unavailable: 28
Not Defined: 827

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 152
Functional: 9
Proof-of-Concept: 467
Unproven: 635
Not Defined: 2517

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 2
≤3: 62
≤4: 481
≤5: 494
≤6: 1043
≤7: 642
≤8: 645
≤9: 156
≤10: 255

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 2
≤3: 85
≤4: 526
≤5: 694
≤6: 1196
≤7: 673
≤8: 287
≤9: 161
≤10: 156

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 515
<2k: 470
<5k: 806
<10k: 465
<25k: 751
<50k: 377
<100k: 347
≥100k: 49

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 2712
<2k: 266
<5k: 302
<10k: 281
<25k: 205
<50k: 14
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE
06/30/2021 | 3.3 | 3.2 | Microsoft Windows memory leak | (3): vulnerability_cvss2_nvd_basescore, source_securityfocus_date, source_securityfocus_class | Not Defined | Official Fix | 0.03 | CVE-2004-2365
06/30/2021 | 8.8 | 8.4 | Microsoft Windows ntsystemdebugcontrol memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_cve_assigned | Not Defined | Official Fix | 0.05 | CVE-2004-2339
06/30/2021 | 7.3 | 6.9 | Omnicron OmniHTTPD memory corruption | (1): source_nessus_risk | Proof-of-Concept | Not Defined | 0.00 | CVE-2004-2299
06/30/2021 | 8.4 | 8.4 | Mozilla Mac OS X authentication spoofing | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.06 | CVE-2004-2228
06/30/2021 | 5.3 | 4.8 | Mozilla Firefox right-click unknown vulnerability | (1): source_nessus_risk | Proof-of-Concept | Official Fix | 0.03 | CVE-2004-2225
06/30/2021 | 5.3 | 5.3 | Symantec Norton Antivirus denial of service | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Not Defined | 0.03 | CVE-2004-2147
06/30/2021 | 7.3 | 6.6 | Zen Cart password_forgotten.php Remote Code Execution | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_filename | Proof-of-Concept | Official Fix | 0.00 | CVE-2004-2024
06/30/2021 | 5.3 | 5.1 | Nuked-Klan index.php path traversal | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_xforce | Not Defined | Official Fix | 0.04 | CVE-2004-1937
06/30/2021 | 3.7 | 3.7 | ClamAV bagle denial of service | (1): source_nessus_risk | Not Defined | Not Defined | 0.10 | CVE-2004-1909
06/30/2021 | 8.4 | 7.3 | IPSwitch WS FTP Server iftpmgr.exe privileges management | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Proof-of-Concept | Official Fix | 0.04 | CVE-2004-1885
06/30/2021 | 7.3 | 7.0 | Dogpatch CFWebstore index.cfm sql injection | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.05 | CVE-2004-1806
06/30/2021 | 7.3 | 7.3 | GNU sharutils memory corruption | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.02 | CVE-2004-1773
06/30/2021 | 7.3 | 6.9 | John Bradley XV xvbmp.c stack-based overflow | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Proof-of-Concept | Not Defined | 0.04 | CVE-2004-1725
06/30/2021 | 5.3 | 5.3 | Apache Xerces-C++ XML Parser denial of service | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2004-1575
06/30/2021 | 4.3 | 4.3 | phpWebSite index.php cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.06 | CVE-2004-1516
06/30/2021 | 3.7 | 3.7 | Opera Web Browser Installation information disclosure | (1): source_nessus_risk | Not Defined | Not Defined | 0.06 | CVE-2004-1489
06/30/2021 | 5.3 | 4.8 | Socat HTTP Proxy error.c _msg memory corruption | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Proof-of-Concept | Official Fix | 0.00 | CVE-2004-1484
06/30/2021 | 7.3 | 7.3 | BNC sbuf_getmsg Remote Code Execution | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.07 | CVE-2004-1482
06/30/2021 | 7.3 | 7.3 | SuSE Linux Video stack-based overflow | (1): source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2004-1476
06/30/2021 | 7.3 | 6.9 | Xine Video xine-lib stack-based overflow | (1): source_nessus_risk | Proof-of-Concept | Not Defined | 0.03 | CVE-2004-1475
06/30/2021 | 5.3 | 5.0 | Symantec Enterprise Firewall/VPN Appliances Configuration File unknown vulnerability | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_exploitdb | Proof-of-Concept | Official Fix | 0.03 | CVE-2004-1474
06/30/2021 | 9.3 | 8.9 | Peter D. Gray SnipSnap log memory corruption | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2004-1469
06/30/2021 | 7.3 | 7.3 | Webmin privileges management | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2004-1468
06/30/2021 | 9.8 | 9.8 | MoinMoin Access Control List Remote Code Execution | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2004-1463
06/30/2021 | 7.3 | 7.3 | MoinMoin unspecified Remote Code Execution | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2004-1462
06/30/2021 | 3.7 | 3.6 | Mozilla File Upload denial of service | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2004-1449
06/30/2021 | 5.3 | 5.3 | Roundup HTTP path traversal | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2004-1444
06/30/2021 | 7.3 | 6.9 | Pavuk sprintf memory corruption | (1): source_nessus_risk | Proof-of-Concept | Not Defined | 0.00 | CVE-2004-1437
06/30/2021 | 6.3 | 6.0 | Microsoft Internet Explorer Browser Plugin pnxr3260.dll memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_cve_assigned | Not Defined | Official Fix | 0.02 | CVE-2004-1416
06/30/2021 | 3.7 | 3.7 | NullSoft WinAmp denial of service | (1): source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2004-1396
06/30/2021 | 5.9 | 5.7 | Sun Solaris or pfexec Local Privilege Escalation | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_filename | Not Defined | Official Fix | 0.06 | CVE-2004-1394
06/30/2021 | 7.3 | 6.6 | Tiki TikiWiki tiki-editpage.php input validation | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Proof-of-Concept | Official Fix | 0.07 | CVE-2004-1386
06/30/2021 | 5.3 | 5.3 | Mozilla Firefox memory allocation | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Not Defined | 0.13 | CVE-2004-1200
06/30/2021 | 7.3 | 7.0 | Microsoft Internet Explorer authentication spoofing | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Official Fix | 0.00 | CVE-2004-1155
06/30/2021 | 4.3 | 4.1 | Cvstrac main.c cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_xforce | Not Defined | Official Fix | 0.00 | CVE-2004-1146
06/30/2021 | 5.9 | 5.7 | Linux Kernel memory corruption | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2004-0997
06/30/2021 | 10.0 | 9.5 | Microsoft Internet Explorer HTML Help memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_cve_assigned | Not Defined | Official Fix | 0.04 | CVE-2004-0985
06/30/2021 | 7.3 | 7.0 | Red Hat Enterprise Linux Imlib2 memory corruption | (1): source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2004-0802
06/30/2021 | 5.3 | 5.3 | Juniper Junos Routing Engine denial of service | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2004-0467
06/30/2021 | 4.0 | 4.0 | Web Server cleartext storage | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2004-0462

3740 more entries are not shown
