Archive 01/06/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 148368 | 7.5 | 7.5 | Ahsay Cloud Backup Suite File Upload upload Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5846 |
| 148367 | 7.4 | 7.1 | HashBrown CMS Connection.js directory traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5840 |
| 148366 | 9.8 | 9.4 | OpenLiteSpeed WebAdmin Console privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5519 |
| 148365 | 5.9 | 5.9 | Gila CMS sql sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5515 |
| 148364 | 7.8 | 7.8 | Gila CMS File Upload thumb privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5514 |
| 148363 | 6.7 | 6.7 | Gila CMS delete directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5513 |
| 148362 | 6.7 | 6.7 | Gila CMS directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5512 |
| 148361 | 6.5 | 5.7 | uftpd ftpcmd.c handle_PORT memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5204 |
| 148360 | 4.4 | 4.2 | Google Android Privileges DCRYPTO_equals information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-9472 |
| 148359 | 6.0 | 5.7 | Google Android abc-pcie.c set_outbound_iatu memory corruption | $25k-$100k | $5k-$25k | Not Defined | Official Fix | CVE-2019-9471 |
| 148358 | 6.0 | 5.7 | Google Android abc-pcie.c dma_sblk_start memory corruption | $25k-$100k | $5k-$25k | Not Defined | Official Fix | CVE-2019-9470 |
| 148357 | 6.5 | 6.3 | Google Android Kernel km4.c km_compute_shared_hmac memory corruption | $25k-$100k | $5k-$25k | Not Defined | Official Fix | CVE-2019-9469 |
| 148356 | 6.5 | 6.3 | Google Android export_key.cpp export_key_der memory corruption | $25k-$100k | $5k-$25k | Not Defined | Official Fix | CVE-2019-9468 |
| 148355 | 6.4 | 6.2 | Schneider Electric Modicon M580 Modbus TCP denial of service | $0-$5k | $0-$5k | Not Defined | Workaround | CVE-2019-6857 |
| 148354 | 6.4 | 6.2 | Schneider Electric Modicon M580 Modbus TCP denial of service | $0-$5k | $0-$5k | Not Defined | Workaround | CVE-2019-6856 |
| 148353 | 7.3 | 7.3 | Schneider Electric EcoStruxure Geo SCADA Expert/Unity Pro weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-6855 |
| 148352 | 6.5 | 6.3 | Schneider Electric EcoStruxure Geo SCADA Expert Access Control privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-6854 |
| 148351 | 5.3 | 5.3 | Anglersnet Access Analysis CGI An-Analyzer HTTP Referer Header Password information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5990 |
| 148350 | 4.3 | 4.3 | Anglersnet Access Analysis CGI An-Analyzer Analysis Object Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5989 |
| 148349 | 4.3 | 4.3 | Anglersnet Access Analysis CGI An-Analyzer Management Page Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5988 |
| 148348 | 7.5 | 7.5 | Anglersnet Access Analysis CGI An-Analyzer Management Page OS Command Injection privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5987 |
| 148341 | 5.3 | 5.1 | piSignage log directory traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-20354 |
| 148340 | 6.5 | 6.5 | Netwide Assembler ASM File preproc.c set_text_free memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-20352 |
| 148339 | 6.8 | 6.8 | OKER G232V1 UART Serial Interface privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-20348 |
| 148338 | 8.5 | 8.5 | MojoHaus Exec Plugin XML Data Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-20343 |
| 148333 | 6.5 | 6.5 | rConfig sudoers privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19585 |
| 148332 | 7.5 | 7.5 | rConfig System ajaxArchiveFiles.php exec privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19509 |
| 148331 | 5.2 | 5.2 | Jinan USR IOT USR-WIFI232 Low Power WiFi Module Web Interface cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-18842 |
| 148330 | 8.2 | 7.2 | Suricata TCP Segment privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-18792 |
| 148329 | 7.4 | 6.8 | Suricata TCP Session privilege escalation | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2019-18625 |
| 148328 | 3.5 | 3.5 | Open Ticket Request System information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-18179 |
| 148326 | 5.2 | 5.2 | OX App Suite cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16717 |
| 148325 | 5.3 | 5.3 | OX App Suite Access Control privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16716 |
| 148324 | 5.6 | 5.4 | DTEN D5/D7 HTTP weak encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16274 |
| 148323 | 9.8 | 9.8 | DTEN D5/D7 adb Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-16273 |
| 148322 | 8.5 | 8.2 | DTEN D5/D7 Firmware privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16272 |
| 148321 | 5.3 | 5.1 | DTEN D5/D7 Servicde Port 8080 PDF weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-16271 |
| 148320 | 5.9 | 5.6 | Cisco Data Center Network Manager JBoss Enterprise Application Platform privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15999 |
| 148319 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15985 |
| 148318 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15984 |
| 148317 | 4.6 | 4.4 | Cisco Data Center Network Manager SOAP API information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15983 |
| 148316 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15982 |
| 148315 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15981 |
| 148314 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15980 |
| 148313 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP OS Command Injection privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15979 |
| 148312 | 6.7 | 6.4 | Cisco Data Center Network Manager REST/SOAP OS Command Injection privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15978 |
| 148311 | 8.5 | 8.2 | Cisco Data Center Network Manager Authentication Mechanism weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15977 |
| 148310 | 8.5 | 8.2 | Cisco Data Center Network Manager Authentication Mechanism weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15976 |
| 148309 | 8.5 | 8.2 | Cisco Data Center Network Manager Authentication Mechanism weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2019-15975 |
| 148308 | 5.2 | 5.2 | seefl package Filename Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-15603 |
