Archive 03/26/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 152392 | 7.5 | 7.5 | Micro Focus Service Manager Automation sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9521 |
| 152391 | 5.3 | 5.3 | Community plugin Album privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9468 |
| 152390 | 4.4 | 4.1 | Piwigo ws.php pwgimagessetInfo cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9467 |
| 152389 | 6.4 | 6.1 | Huawei Smart Phone privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-9066 |
| 152388 | 5.4 | 5.2 | Huawei Smart Phone Use-After-Free memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-9065 |
| 152387 | 6.3 | 6.1 | Puppet Enterprise Impact Analysis Report information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-7944 |
| 152386 | 6.2 | 6.2 | IBM WebSphere Application Server SOAP Connector privilege escalation | $25k-$100k | $5k-$25k | Not Defined | Not Defined | CVE-2020-4276 |
| 152382 | 6.4 | 6.1 | Huawei P30 Access Control privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-1800 |
| 152377 | 8.5 | 8.2 | DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10828 |
| 152376 | 8.5 | 8.2 | DrayTek Vigor3900/Vigor2960/Vigor300B Stack-based memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10827 |
| 152375 | 8.5 | 8.2 | DrayTek Vigor3900/Vigor2960/Vigor300B Debug Mode activate.cgi command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10826 |
| 152374 | 8.5 | 8.2 | DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10825 |
| 152373 | 8.5 | 8.5 | DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-10824 |
| 152372 | 8.5 | 8.5 | DrayTek Vigor3900/Vigor2960/Vigor300B activate.cgi memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-10823 |
| 152371 | 7.4 | 7.4 | 3S-Smart CODESYS GatewayService Name Service Client GatewayService.exe memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-5105 |
| 152370 | 4.8 | 4.3 | Dart cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-8923 |
| 152369 | 5.4 | 4.7 | Google Closure Library URL Parser information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-8910 |
| 152368 | 6.3 | 6.0 | McAfee Application and Change Control DLL privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-7260 |
| 152367 | 6.4 | 6.4 | Moxa EDS-G516E Setting Pages memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-6999 |
| 152366 | 4.1 | 3.9 | Dell RSA Authentication Manager Security Console Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5340 |
| 152365 | 4.1 | 3.9 | Dell RSA Authentication Manager Security Console Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-5339 |
| 152364 | 6.4 | 6.4 | SonicWALL SMA1000 HTTP Extraweb Server Crash denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-5129 |
| 152363 | 7.9 | 7.6 | Kiali Default Key weak encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-1764 |
| 152362 | 7.5 | 7.2 | FasterXML jackson-databind Gadget privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10969 |
| 152361 | 8.8 | 8.4 | FasterXML jackson-databind Gadget privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10968 |
| 152360 | 5.3 | 5.1 | python-apt Hash package.py privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-15796 |
| 152359 | 5.3 | 5.1 | python-apt MD5 package.py weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2019-15795 |
| 152358 | 8.5 | 8.2 | CODESYS V3 Web Server memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10245 |
