Updates August 2021

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Illustrating the assignment of these categories helps to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Updated | Base | Temp | Vulnerability | Change | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 08/31/2021 | 7.3 | 7.3 | Debian Lintian path traversal | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.08 | CVE-2009-4013 |
| 08/31/2021 | 5.3 | 5.1 | Symantec Altiris Notification Server Web Console credentials management | (1): source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2009-3035 |
| 08/31/2021 | 5.3 | 5.3 | Roundcube webmail information disclosure | (1): source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2010-0464 |
| 08/31/2021 | 5.3 | 5.3 | Horde IMP information disclosure | (1): source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2010-0463 |
| 08/31/2021 | 7.3 | 7.0 | ViewVC Access Restriction access control | (1): source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2010-0005 |
| 08/31/2021 | 5.3 | 5.1 | ViewVC information disclosure | (1): source_nessus_risk | Not Defined | Official Fix | 0.02 | CVE-2010-0004 |
| 08/31/2021 | 7.3 | 7.0 | GNU gzip unlzw.c unlzw numeric error | (1): source_nessus_risk | Not Defined | Official Fix | 0.33 | CVE-2010-0001 |
| 08/31/2021 | 7.3 | 7.0 | GNU gzip inflate.c huft_build input validation | (1): source_nessus_risk | Not Defined | Official Fix | 0.05 | CVE-2009-2624 |
| 08/31/2021 | 6.3 | 6.0 | IBM DB2 REPEAT memory corruption | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2010-0462 |
| 08/31/2021 | 8.8 | 8.4 | Cisco Unified MeetingPlace access control | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Official Fix | 0.03 | CVE-2010-0142 |
| 08/31/2021 | 6.5 | 6.2 | Cisco Unified MeetingPlace credentials management | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Official Fix | 0.03 | CVE-2010-0141 |
| 08/31/2021 | 9.8 | 9.4 | Cisco Unified MeetingPlace Administrator Account Remote Code Execution | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Official Fix | 0.05 | CVE-2010-0140 |
| 08/31/2021 | 8.6 | 8.2 | Cisco Unified MeetingPlace sql injection | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Official Fix | 0.00 | CVE-2010-0139 |
| 08/31/2021 | 5.9 | 5.9 | HP OpenView Storage Data Protector Local Privilege Escalation | (1): source_nessus_risk | Not Defined | Not Defined | 0.08 | CVE-2009-4183 |
| 08/31/2021 | 5.3 | 5.3 | Apache Tomcat path traversal | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2009-2902 |
| 08/31/2021 | 5.3 | 5.3 | Apache Tomcat access control | (1): source_nessus_risk | Not Defined | Not Defined | 0.25 | CVE-2009-2901 |
| 08/31/2021 | 6.5 | 6.5 | Apache Tomcat path traversal | (1): source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2009-2693 |
| 08/31/2021 | 4.3 | 4.1 | Sun iPlanet Messaging Server cross site scripting | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2004-2765 |
| 08/31/2021 | 10.0 | 10.0 | Sun Change Manager memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2003-1576 |
| 08/31/2021 | 7.5 | 7.2 | Red Hat Enterprise Linux input validation | (1): source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2009-4272 |
| 08/31/2021 | 4.0 | 4.0 | Red Hat Enterprise Linux access control | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2009-3556 |
| 08/31/2021 | 10.0 | 10.0 | TheGreenBow IPSec VPN Client vpnconf.exe memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2010-0392 |
| 08/31/2021 | 7.5 | 7.2 | Intel E1000 exthdrs.c ipv6_hop_jumbo input validation | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Official Fix | 0.06 | CVE-2010-0006 |
| 08/31/2021 | 6.8 | 6.5 | Intel E1000 print_fatal_signal information disclosure | (1): source_nessus_risk | Not Defined | Official Fix | 0.07 | CVE-2010-0003 |
| 08/31/2021 | 9.8 | 9.4 | SystemTap code injection | (1): source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2009-4273 |
| 08/31/2021 | 6.5 | 6.5 | Oracle Database Server denial of service | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2005-4884 |
| 08/31/2021 | 5.3 | 5.3 | Sun Java System Web Server Admin Server null pointer dereference | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Not Defined | 0.04 | CVE-2010-0389 |
| 08/31/2021 | 7.3 | 7.3 | Sun Java System Web Server format string | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned | Not Defined | Not Defined | 0.03 | CVE-2010-0388 |
| 08/31/2021 | 5.3 | 5.3 | Sun Java System Application Server Default Configuration config | (1): source_nessus_risk | Not Defined | Not Defined | 0.05 | CVE-2010-0386 |
| 08/31/2021 | 5.3 | 5.1 | Tor Directory Authority information disclosure | (2): source_nessus_filename, source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2010-0385 |
| 08/31/2021 | 10.0 | 9.4 | RealNetworks RealPlayer smlrender.dll memory corruption | (2): vulnerability_cvss2_nvd_basescore, source_nessus_risk | Proof-of-Concept | Not Defined | 0.49 | CVE-2009-4257 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer HandleSetParameterRequest memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2009-4248 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.59 | CVE-2009-4247 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.28 | CVE-2009-4246 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer gifcodec.cpp memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.00 | CVE-2009-4245 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2009-4244 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2009-4243 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer GetPacketBuffer memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2009-4242 |
| 08/31/2021 | 10.0 | 10.0 | RealNetworks RealPlayer memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.16 | CVE-2009-4241 |
| 08/31/2021 | 8.1 | 8.1 | ISC BIND fetch Remote Code Execution | (1): source_nessus_risk | Not Defined | Not Defined | 0.03 | CVE-2010-0382 |
| 08/31/2021 | 4.8 | 4.8 | ISC BIND DNS Cache unknown vulnerability | (1): source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2010-0290 |
| 08/31/2021 | 6.3 | 6.0 | Microsoft Internet Explorer code injection | (1): source_nessus_risk | High | Official Fix | 0.00 | CVE-2010-0248 |
| 08/31/2021 | 9.6 | 9.2 | Microsoft Internet Explorer code injection | (1): source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2010-0247 |
| 08/31/2021 | 6.3 | 6.0 | Microsoft Internet Explorer code injection | (1): source_nessus_risk | Not Defined | Official Fix | 0.04 | CVE-2010-0246 |
| 08/31/2021 | 6.3 | 6.0 | Microsoft Internet Explorer code injection | (1): source_nessus_risk | Not Defined | Official Fix | 0.03 | CVE-2010-0245 |
| 08/31/2021 | 6.3 | 6.0 | Microsoft Internet Explorer code injection | (1): source_nessus_risk | Not Defined | Official Fix | 0.00 | CVE-2010-0244 |
| 08/31/2021 | 7.3 | 7.3 | SuSE openSUSE Access Restriction access control | (3): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_nessus_risk | Not Defined | Not Defined | 0.04 | CVE-2010-0230 |
| 08/31/2021 | 10.0 | 10.0 | Cisco CiscoWorks Internetwork Performance Monitor memory corruption | (1): source_nessus_risk | Not Defined | Not Defined | 0.14 | CVE-2010-0138 |
| 08/31/2021 | 7.5 | 7.5 | Cisco IOS XR memory allocation | (4): vulnerability_cvss2_nvd_basescore, exploit_price_0day, source_cve_assigned, source_xforce | Not Defined | Not Defined | 0.16 | CVE-2010-0137 |
| 08/31/2021 | 7.8 | 7.5 | Microsoft Windows NtVdmControl access control | (1): source_nessus_risk | High | Official Fix | 0.06 | CVE-2010-0232 |

3791 more entries are not shown
