Archive 01/27/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0-day | Today | Exploitability | Remediation | CVE |
|---|---|---|---|---|---|---|---|---|
| 149477 | 5.1 | 5.1 | TYPO3 svg.swf cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | CVE-2020-8091 |
| 149476 | 4.1 | 4.1 | A1 WLAN Box ADB Storage Service Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8090 |
| 149475 | 8.5 | 8.5 | UseBB panel_login.php weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8088 |
| 149474 | 8.5 | 8.5 | SMC Networks D3G0804W Network Diagnostic Tools formSetDiagnosticToolsFmPing command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8087 |
| 149471 | 4.4 | 3.9 | Sylius ResourceBundle privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5220 |
| 149470 | 5.0 | 4.6 | Sylius Channel privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5218 |
| 149469 | 6.0 | 5.3 | Ktor Proxy Request Smuggling privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5207 |
| 149463 | 5.2 | 4.9 | Synacor Zimbra Collaboration Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-8947 |
| 149462 | 5.2 | 4.9 | Synacor Zimbra Collaboration Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-8946 |
| 149461 | 5.2 | 4.9 | Synacor Zimbra Collaboration Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-8945 |
| 149440 | 4.4 | 4.4 | Idelji Web ViewPoint ADB File Password information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19539 |
| 149439 | 8.0 | 8.0 | TP-LINK TL-WR849N Firmware softup privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19143 |
| 149428 | 5.2 | 4.9 | Synacor Zimbra Collaboration Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-15313 |
| 149427 | 5.5 | 5.5 | Rockwell Automation Arena Simulation Software information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-13521 |
| 149426 | 5.5 | 5.5 | Rockwell Automation Arena Simulation Software information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-13519 |
| 149425 | 3.6 | 3.4 | Synacor Zimbra Collaboration Admin Console Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-12427 |
| 149424 | 4.4 | 4.3 | Synacor Zimbra Collaboration Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-11318 |
| 149423 | 6.3 | 6.0 | Pivotal tc Server/tc Runtimes JMX Socket Listener Man-in-the-Middle privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-11288 |
| 149420 | 4.6 | 4.6 | Neato Botvac Connected NeatoCrypto Library authorization GenerateRobotPassword weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2018-19441 |
| 149419 | 6.4 | 6.1 | Valve Dota Map rendersystemdx9.dll Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-7952 |
| 149418 | 6.4 | 6.1 | Valve Dota Map meshsystem.dll memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-7951 |
| 149417 | 6.4 | 6.1 | Valve Dota Map meshsystem.dll Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-7950 |
| 149416 | 6.4 | 6.1 | Valve Dota Map schemasystem.dll GetValue Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-7949 |
| 149415 | 7.4 | 7.4 | Netty Incomplete Fix CVE-2019-16869 HTTP Smuggling privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-7238 |
| 149414 | 7.5 | 7.5 | TOTOLINK Realtek SDK Captcha formLogin information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19825 |
| 149413 | 7.5 | 7.5 | TOTOLINK Realtek SDK formSysCmd privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19824 |
| 149412 | 5.0 | 5.0 | TOTOLINK/CIK TELECOM/KCTVJEJU/Hi-Wifi/HCN/T-broad Router Administration Interface Cleartext weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19823 |
| 149411 | 6.4 | 6.4 | TOTOLINK/CIK TELECOM/KCTVJEJU/Hi-Wifi/HCN/T-broad Router Administration Interface Config information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-19822 |
| 149410 | 4.6 | 4.4 | BitDefender Endpoint Security Tools EPSecurityService.exe privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17099 |
| 149409 | 7.7 | 7.7 | BitDefender BOX 2 Bootstrap get_image_url() command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17096 |
| 149408 | 6.7 | 6.7 | BitDefender BOX 2 API download_image command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17095 |
| 149407 | 6.8 | 6.8 | Belkin WeMo Insight Switch libbelkin_api.so memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17094 |
| 149406 | 7.4 | 7.4 | AVB MOTU directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8009 |
| 149405 | 8.2 | 7.8 | GNU Aspell libaspell.a memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-20433 |
| 149404 | 7.8 | 7.8 | Avast Secure Browser Update Check AvastBrowserUpdate.exe privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-17190 |
| 149403 | 5.3 | 5.1 | BitDefender AV BDLDaemon privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17103 |
| 149402 | 7.0 | 6.7 | BitDefender BOX 2 API update_setup privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17102 |
| 149401 | 5.2 | 5.0 | BitDefender Total Security 2020 bdserviceshost.exe privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-17100 |
| 149398 | 5.5 | 5.5 | kantan netprint App X.509 Certificate Man-in-the-Middle weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5522 |
| 149397 | 5.5 | 5.5 | kantan netprint App X.509 Certificate Man-in-the-Middle weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5521 |
| 149396 | 5.5 | 5.5 | netprint App X.509 Certificate Man-in-the-Middle weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5520 |
| 149395 | 5.7 | 5.7 | F-RevoCRM cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-6036 |
| 149394 | 3.6 | 3.5 | SuSE Linux Enterprise Server 15 yast2-rmt Log information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2018-20105 |
| 149393 | 5.8 | 5.6 | SuSE Linux Enterprise Server obs-service-tar_scm directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2018-12476 |
| 149392 | 4.4 | 4.4 | virglrenderer vrend_renderer.c denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8003 |
| 149391 | 4.4 | 4.4 | virglrenderer vrend_renderer.c denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8002 |
| 149390 | 8.5 | 8.5 | Intellian Aptus FTP Default Credentials weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8001 |
| 149389 | 8.5 | 8.5 | Intellian Aptus Web Default Credentials weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-8000 |
| 149388 | 8.5 | 8.5 | Intellian Aptus weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-7999 |
| 149387 | 7.4 | 7.1 | Lustre File System mdt Module mdt_file_secctx_unpack memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-20432 |
