Archive 01/15/2020

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories makes it possible to see which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape, or the most important hotspots in a heterogeneous one.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in multiple forms and levels, and each influences the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, whether for academic purposes or personal gain. The level and quality of exploitability are distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, that is its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices observed on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, the availability of alternative exploits and the availability of countermeasures. These dynamic aspects may decrease exploit prices over time, and under certain circumstances this happens very quickly.

ID | CVSSv3 Base | CVSSv3 Temp | Title | Exploit 0-day | Exploit Today | Exploitability | Remediation | Unlabelled | CVE
149064 | 7.5 | 7.5 | Cacti data_input.php input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-7058
149061 | 7.7 | 7.7 | VMware Tools race condition | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | CVE-2020-3941
149060 | 6.5 | 6.5 | Sounds Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-2098
149059 | 7.5 | 7.5 | Sounds Plugin Permission Check improper authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-2097
149058 | 5.2 | 5.2 | Gitlab Hook Plugin build_now Endpoint Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-2096
149057 | 4.3 | 4.3 | Redgate SQL Change Automation Plugin config.xml Key credentials storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-2095
149056 | 5.3 | 5.3 | Health Advisor by CloudBees Plugin Permission Check improper authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-2094
149055 | 6.5 | 6.5 | Health Advisor by CloudBees Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-2093
149054 | 7.5 | 7.5 | Robot Framework Plugin XML Parser xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-2092
149053 | 7.2 | 7.2 | Amazon EC2 Plugin Permission Check improper authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-2091
149052 | 6.5 | 6.5 | Amazon EC2 Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-2090
149051 | 6.2 | 6.2 | Apache Beam MongoDB Connector Certificate Verification certificate validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-1929
149050 | 5.4 | 5.1 | Juniper Junos Space file inclusion | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-1611
149049 | 8.8 | 8.4 | Juniper Junos JDHCPD stack-based buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-1609
149048 | 7.5 | 7.2 | Juniper Junos Subscriber Management denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1608
149047 | 5.9 | 5.6 | Juniper Junos J-Web cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1607
149046 | 5.9 | 5.6 | Juniper Junos J-Web path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1606
149045 | 8.8 | 8.4 | Juniper Junos JDHCPD os command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1605
149044 | 6.9 | 6.6 | Juniper Junos IP Firewall Filter access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1604
149043 | 8.6 | 8.2 | Juniper Junos Routing Engine denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-1603
149042 | 6.7 | 6.4 | Juniper Junos JDHCPD use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1602
149041 | 5.3 | 5.1 | Juniper Junos pccd denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1601
149040 | 6.5 | 6.2 | Juniper Junos SNMP resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-1600
149039 | 5.8 | 5.7 | Microsoft Windows RDP Session Lockscreen authentication bypass | $25k-$100k | $5k-$25k | Not Defined | Workaround | 0.07 | CVE-2019-9510
149038 | 6.4 | 6.1 | AutoMobility Distribution App MyCar Controls hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-9493
149037 | 7.5 | 7.2 | Bitbucket Server/Data Center Post-Receive Hook permission assignment | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.28 | CVE-2019-20097
149036 | 5.3 | 4.9 | Serpico input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19859
149035 | 3.6 | 3.4 | Serpico UID Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19858
149034 | 6.4 | 5.9 | Serpico Password Change insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19857
149033 | 3.6 | 3.4 | Serpico list_user Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19856
149032 | 3.6 | 3.6 | Serpico list_user Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19855
149031 | 6.5 | 6.2 | Serpico cross-site request forgery | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2019-19854
149029 | 5.4 | 5.1 | OSIsoft PI Vision Access Control access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2019-18275
149028 | 3.6 | 3.6 | OSIsoft PI Vision cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-18273
149027 | 6.5 | 6.2 | OSIsoft PI Vision Administration Site cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-18271
149026 | 4.0 | 4.0 | OSIsoft PI Vision Log Password log file | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-18244
149025 | 5.9 | 5.6 | Adobe Experience Manager Expression Language information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-16469
149024 | 5.9 | 5.6 | Adobe Experience Manager User Interface information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-16468
149023 | 5.2 | 4.9 | Adobe Experience Manager Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-16467
149022 | 5.2 | 4.9 | Adobe Experience Manager Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-16466
149021 | 6.4 | 6.4 | ClamAV Antivirus MIME Parser input validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-15961
149020 | 7.5 | 7.2 | Bitbucket Server/Data Center Edit-File Request permission assignment | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.33 | CVE-2019-15012
149019 | 7.5 | 7.2 | Bitbucket Server/Data Center Input Field input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.38 | CVE-2019-15010
149016 | 4.7 | 4.5 | Oracle Secure Global Desktop missing encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-1547
149015 | 5.2 | 4.9 | Oracle Secure Global Desktop Web Server cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-10092
149014 | 5.3 | 5.1 | Oracle VM VirtualBox information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-2693
149013 | 6.0 | 5.7 | Oracle VM VirtualBox information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-2727
149012 | 6.1 | 5.8 | Oracle Secure Global Desktop cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-17091
149011 | 6.4 | 6.1 | Oracle VM VirtualBox unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-2678
149010 | 6.5 | 6.2 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-2725