CNA 2019

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and an Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program in which discovered vulnerabilities are assigned identifiers and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address them properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

soerennb eXtplorer: 3
simple-markdown: 2
Sricam IP CCTV Camera: 2
Axios Italia Axios RE: 2
mpedraza2020 Intranet del Monterroso: 1

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 30
Temporary Fix: 0
Workaround: 0
Unavailable: 2
Not Defined: 5

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished by form and level of remediation, each of which influences risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 9
Unproven: 0
Not Defined: 28

Researchers and attackers who look for security vulnerabilities try to exploit them, whether for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 3
Adjacent: 7
Network: 27

To approach a vulnerability it becomes important to know the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 2
Low: 29
None: 6

To exploit a vulnerability a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 15
None: 22

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 2
≤4: 13
≤5: 4
≤6: 11
≤7: 7
≤8: 0
≤9: 0
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 4
<2k: 32
<5k: 0
<10k: 0
<25k: 0
<50k: 1
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA
252717 | mpedraza2020 Intranet del Monterroso cargos.php sql injection | VulDB | VulDB | | 02/02/2024 | 02/25/2024 | CVE-2019-25159 | | accepted
248278 | pedroetb tts-api app.js onSpeechDone os command injection | VulDB | VulDB | | 12/17/2023 | 01/12/2024 | CVE-2019-25158 | | accepted
248271 | Ethex Contracts Monthly Jackpot EthexJackpot.sol access control | VulDB | VulDB | | 12/17/2023 | 01/12/2024 | CVE-2019-25157 | | accepted
244495 | dstar2018 Agency search.php cross site scripting | VulDB | VulDB | | 11/05/2023 | 12/02/2023 | CVE-2019-25156 | | accepted
221763 | dro.pm fileman.php cross site scripting | VulDB | VulDB | | 02/24/2023 | 03/25/2023 | CVE-2019-25105 | | accepted
221485 | rtcwcoop Team Command ai_cast_script.c AICast_ScriptLoad denial of service | VulDB | VulDB | | 02/18/2023 | 03/23/2023 | CVE-2019-25104 | | accepted
220639 | simple-markdown simple-markdown.js redos | VulDB | VulDB | | 02/11/2023 | 03/10/2023 | CVE-2019-25103 | | accepted
220638 | simple-markdown simple-markdown.js redos | VulDB | VulDB | | 02/11/2023 | 03/10/2023 | CVE-2019-25102 | | accepted
220059 | OnShift TurboGears HTTP Header controllers.py response splitting | VulDB | VulDB | | 02/02/2023 | 03/04/2023 | CVE-2019-25101 | | accepted
217645 | happyman twmap pointdata2.php sql injection | VulDB | VulDB | | 01/08/2023 | 01/30/2023 | CVE-2019-25100 | | accepted
217558 | Arthmoor QSF-Portal index.php path traversal | VulDB | VulDB | | 01/06/2023 | 01/29/2023 | CVE-2019-25099 | | accepted
217437 | soerennb eXtplorer Archive archive.php path traversal | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2019-25098 | | accepted
217436 | soerennb eXtplorer Directory Content path traversal | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2019-25097 | | accepted
217435 | soerennb eXtplorer cross site scripting | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2019-25096 | | accepted
217434 | kakwa LdapCherry URL cross site scripting | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2019-25095 | | accepted
217353 | innologi appointments Extension Appointment cross site scripting | VulDB | VulDB | | 01/04/2023 | 01/28/2023 | CVE-2019-25094 | | accepted
217182 | dragonexpert Recent Threads on Index Setting hooks.php recentthread_list_threads cross site scripting | VulDB | VulDB | | 01/02/2023 | 01/26/2023 | CVE-2019-25093 | | accepted
216955 | Nakiami Mellivora Admin Panel user.inc.php print_user_ip_log cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2019-25092 | | accepted
216909 | nsupdate.info CSRF Cookie base.py cookie httponly flag | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2019-25091 | | accepted
216878 | FreePBX arimanager Views cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2019-25090 | | accepted
216877 | Morgawr Muon handler.clj random values | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2019-25089 | | accepted
216870 | ytti Oxidized Web conf_search.haml cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2019-25088 | | accepted
216863 | RamseyK httpserver URI ResourceHost.cpp getResource path traversal | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2019-25087 | | accepted
216862 | IET-OU Open Media Player timedtext.php webvtt cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2019-25086 | | accepted
216789 | GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free | VulDB | VulDB | | 12/26/2022 | 01/24/2023 | CVE-2019-25085 | | accepted
216767 | Hide Files on GitHub options.js addEventListener cross site scripting | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2019-25084 | | accepted
215443 | pacparser pacparser.c pacparser_find_proxy buffer overflow | VulDB | VulDB | | 12/13/2022 | 01/07/2023 | CVE-2019-25078 | | accepted
159432 | Sricam IP CCTV Camera Device Viewer memory corruption | VulDB | VulDB | 04/05/2020 | 08/10/2020 | 06/03/2022 | CVE-2019-25063 | 160 | accepted
159431 | Sricam IP CCTV Camera Device Viewer stack-based overflow | VulDB | VulDB | 04/05/2020 | 08/10/2020 | 06/03/2022 | CVE-2019-25062 | 159 | accepted
146832 | CoreHR Core Portal cross-site request forgery | VulDB | VulDB | 12/09/2019 | 12/10/2019 | 03/09/2024 | CVE-2019-25064 | 135 | accepted
146798 | OpenNetAdmin os command injection | VulDB | VulDB | 11/21/2019 | 12/08/2019 | 03/09/2024 | CVE-2019-25065 | 119 | accepted
143950 | ajenti API privileges management | VulDB | VulDB | 10/16/2019 | 10/18/2019 | 01/17/2024 | CVE-2019-25066 | 103 | accepted
143949 | Podman/Varlink API Privilege Escalation | VulDB | VulDB | 10/16/2019 | 10/18/2019 | 02/16/2024 | CVE-2019-25067 | 102 | accepted
143125 | Apple iOS Siri Self privileges management [Disputed] | VulDB | VulDB | | 10/09/2019 | 01/05/2024 | CVE-2019-25071 | | accepted
139529 | Axios Italia Axios RE Error Message ASP.NET information disclosure | VulDB | VulDB | | 08/06/2019 | 11/21/2023 | CVE-2019-25069 | | accepted
139528 | Axios Italia Axios RE Connection REDefault.aspx privileges management | VulDB | VulDB | 08/05/2019 | 08/06/2019 | 11/21/2023 | CVE-2019-25068 | 81 | accepted
135125 | WolfCMS User Add cross site scripting | VulDB | VulDB | 05/07/2019 | 05/16/2019 | 09/21/2023 | CVE-2019-25070 | 67 | accepted
