CNA No CVE

As a CVE Numbering Authority (CNA) we have to respect the CNA Rules which are defined by MITRE. These define what a vulnerability is and what requirements are neccessary to assign a CVE. Some submissions might not be eligeble to receive a CVE or their reserved CVE might be revokes for various reasons (e.g. false-positive).

Vendor

Not Defined4335
Microsoft751
IBM172
Google103
Apple101

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

FFmpeg448
Microsoft Windows434
Microsoft Internet Explorer111
cPanel70
ImageMagick49

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix2810
Temporary Fix5
Workaround1197
Unavailable367
Not Defined4140

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High135
Functional57
Proof-of-Concept3134
Unproven163
Not Defined5030

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical3
Local2504
Adjacent169
Network5843

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High7
Low5620
None2892

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required1721
None6798

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤10
≤21
≤314
≤42010
≤5708
≤62626
≤71720
≤81069
≤9109
≤10262

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k352
<2k2249
<5k3486
<10k490
<25k861
<50k709
<100k306
≥100k66

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

IDVulnerabilitySubmissionCreatedUpdatedSubmitCNA
263811Panel.Amadey.d.c Login.php cross site scripting05/09/202405/10/202405/10/2024331818
in progress
263585Microsoft Azure Health Bot Service buffer.SlowBuffer uninitialized resource05/08/202405/08/2024
 
rejected
263584Microsoft Azure Health Bot Service Javascript Template code injection05/08/202405/08/2024
 
rejected
263583Microsoft Azure Health Bot Service node.js code injection05/08/202405/08/2024
 
rejected
263582Microsoft Azure Health Bot Service Table API improper authorization05/08/202405/08/2024
 
rejected
262525Microsoft Graph excessive authentication04/30/202404/30/2024
 
rejected
262471Microsoft Azure Synapse Analytics permission04/30/202404/30/2024
 
rejected
262329Amazon Managed Workflows for Apache Airflow cross site scripting04/29/202404/29/2024
 
rejected
262328Amazon AWS Database Password permission04/29/202404/29/2024
 
rejected
262327Google Cloud Vertex AI Studio injection04/29/202404/29/2024
 
rejected
262326Microsoft Azure AI Playground Markdown injection04/29/202404/29/2024
 
rejected
262325Google Cloud Clone command injection04/29/202404/29/2024
 
rejected
262278Google Cloud Platform Security Operations permission04/28/202404/28/2024
 
rejected
261675Backdoor.Win32.Dumador.c FTP Server stack-based overflow04/16/202404/20/202404/20/2024317195rejected
260899Microsoft Azure Site Recovery ASR Service information disclosure04/16/202404/16/2024
 
rejected
259699Trojan.Win32.Razy.abc SmartData memory corruption04/08/202404/08/202404/08/2024312218rejected
259064Backdoor.Win32.Agent.ju weak credentials04/02/202404/02/202404/02/2024308491rejected
2590539fans plan9port x509.c edump heap-based overflow03/26/202404/02/202404/02/2024304567
in progress
257884Win32.STOP.Ransomware build2.exe channel accessible03/23/202403/25/202403/25/2024303269rejected
257781mglowinski93 FinanseWebApplication balance.php sql injection03/23/202403/23/2024
 
rejected
257464Backdoor.Win32.Emegrab.b TCP Service stack-based overflow03/14/202403/20/202403/20/2024298426rejected
256322Backdoor.Win32.Beastdoor.oq Service Port 1332 backdoor03/10/202403/10/202403/10/2024295997rejected
256317Backdoor.Win32.Agent.amt FTP Server missing authentication02/29/202403/10/202403/10/2024290302rejected
256316Backdoor.Win32.Jeemp.c ESMTP Server hard-coded credentials02/29/202403/10/202403/10/2024290275rejected
254695Backdoor.Win32.AutoSpy.10 Service Port 1008 access control02/24/202402/24/202402/24/2024287313rejected
254693Backdoor.Win32.Armageddon.r Service Port 5859 hard-coded password02/23/202402/24/202402/24/2024286573rejected
254692Microsoft Windows Defender access control02/19/202402/24/202402/24/2024284332
in progress
253530Google Cloud Projects IAM API projects.serviceAccounts.list information disclosure02/13/202402/13/2024
 
rejected
253414Microsoft Windows Defender injection02/12/202402/12/202402/12/2024280710
in progress
252693Trojan.Win32 BankShot Service Port 1978 stack-based overflow01/31/202402/02/202402/02/2024275574rejected
252004Qualys Policy Compliance Scanning Connector Plugin HTTP Endpoint permission01/24/202401/24/2024
 
in progress
251679TrojanSpy.Win32.Nivdort jwgaklb.exe default permission01/21/202401/21/202401/21/2024270837rejected
250563Backdoor.Win32.Carbanak unprotected alternate channel01/10/202401/12/202401/12/2024265217rejected
249767Microsoft Windows PowerShell argument injection12/28/202301/05/202401/05/2024259142
in progress
249634Microsoft Azure GitHub Action code injection01/03/202401/03/2024
 
rejected
249085Google Cloud Platform StackDriver server-side request forgery12/27/202312/27/2023
 
rejected
247052Google Go cmd-go cleartext transmission12/06/202312/06/2023
 
in progress
246506CrushFTP improper authentication11/30/202311/30/2023
 
in progress
244636Microsoft Exchange Server URI Validator CreateAttachmentFromUri server-side request forgery11/07/202311/07/2023
 
in progress
244635Microsoft Exchange Server URI Validator DownloadDataFromOfficeMarketPlace server-side request forgery11/07/202311/07/2023
 
in progress
244634Microsoft Exchange Server URI Validator DownloadDataFromUri information disclosure11/07/202311/07/2023
 
in progress
244633Microsoft Exchange Server ChainedSerializationBinder deserialization11/07/202311/07/2023
 
in progress
244322Google Cloud GKE Simultaneous Hyper-Threading observable response discrepancy11/02/202311/02/2023
 
in progress
244321Google Cloud SQL Privilege Escalation11/02/202311/02/2023
 
in progress
244320Google Cloud Anthos Cluster Anthos Identity Service LDAP Module information disclosure11/02/202311/02/2023
 
in progress
244319Google Cloud Armor BackendConfig unknown vulnerability11/02/202311/02/2023
 
in progress
241575Amazon WorkSpaces Client log file10/09/202310/09/2023
 
in progress
241304Amazon Simple Notification Service Signature Validation certificate validation10/04/202310/04/2023
 
rejected
241303Google Cloud Platform Cloud Shell information disclosure10/04/202310/04/2023
 
rejected
241302Google Cloud Platform Cloud Shell improper authentication10/04/202310/04/2023
 
rejected

8469 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 8,469 results.

PreviousOverviewNext