Archive April 2020

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities as well as vulnerability collections. The overview makes it possible to see quiet periods and more severe hotspots at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories shows which software types are affected most.

Product

Grouping vulnerabilities by product gives an overview. It makes it possible to assess a homogeneous landscape or to locate the most important hotspots in a heterogeneous one.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in multiple forms and levels of remediation (for example an official fix, a temporary fix or a workaround), which influence the risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine how simple and how strong an attack is.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

The CVSS temporal score reflects the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level and report confidence. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects tend to decrease the exploit price over time; under certain circumstances this happens very fast.

Published | Base | Temp | Vulnerability | 0-day | Today | Exploitability | Remediation | CTI | CVE
04/30/2020 | 4.3 | 4.1 | Mahara Elasticsearch Result information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | CVE-2020-9387
04/30/2020 | 7.4 | 7.4 | Huawei OceanStor 5310 release of reference | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.63 | CVE-2020-9098
04/30/2020 | 8.5 | 8.2 | HPE Service Pack for ProLiant privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-7136
04/30/2020 | 5.4 | 5.4 | ZTE ZENIC ONE R22b SDON Controller resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | CVE-2020-6867
04/30/2020 | 3.8 | 3.8 | ZTE ZXCTN 6500 Resource Management resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.43 | CVE-2020-6866
04/30/2020 | 5.4 | 5.4 | ZTE OSCP information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-6865
04/30/2020 | 5.7 | 5.4 | MailBeez Plugin cloudloader.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-6579
04/30/2020 | 7.5 | 7.5 | LearnPress Plugin sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-6010
04/30/2020 | 3.7 | 3.7 | F5 BIG-IP Edge Client VPN information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-5893
04/30/2020 | 4.5 | 4.5 | F5 BIG-IP APM/Edge Gateway/FirePass Edge Client memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-5892
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP HTTP2 input validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5891
04/30/2020 | 4.4 | 4.4 | F5 BIG-IP/BIG-IQ Administrative Interface information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5890
04/30/2020 | 4.4 | 4.4 | F5 BIG-IP APM APM Portal Access Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-5889
04/30/2020 | 7.2 | 7.2 | F5 BIG-IP Virtual Edition privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5888
04/30/2020 | 8.2 | 8.2 | F5 BIG-IP/BIG-IP Virtual Edition exposure of resource | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5887
04/30/2020 | 8.6 | 8.6 | F5 BIG-IP High Availability inadequate encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5886
04/30/2020 | 8.6 | 8.6 | F5 BIG-IP High Availability inadequate encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5885
04/30/2020 | 8.6 | 8.6 | F5 BIG-IP High Availability inadequate encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5884
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP iRule missing release of resource | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-5883
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP Traffic Management Microkernel denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5882
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP Virtual Edition VLAN Group denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5881
04/30/2020 | 6.7 | 6.7 | F5 BIG-IP restjavad unrestricted upload | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5880
04/30/2020 | 5.6 | 5.6 | F5 BIG-IP ASM SSL Profile missing encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5879
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP Traffic Management Microkernel denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-5878
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP iRules Command tcp input validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-5877
04/30/2020 | 6.8 | 6.8 | F5 BIG-IP Traffic Management Microkernel race condition | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | CVE-2020-5876
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP Traffic Management Microkernel denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-5875
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP APM Traffic Management Microkernel denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5874
04/30/2020 | 6.7 | 6.7 | F5 BIG-IP/BIG-IQ scp privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5873
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP Traffic Management Microkernel denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5872
04/30/2020 | 6.4 | 6.4 | F5 BIG-IP Backend Server denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-5871
04/30/2020 | 6.5 | 6.3 | Huawei PCManager privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-1817
04/30/2020 | 6.4 | 6.4 | GNU C Library Tilde Expansion use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-1752
04/30/2020 | 6.6 | 5.9 | Sourcegraph redirect.go SafeRedirectURL | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-12283
04/30/2020 | 5.3 | 5.3 | xt:Commerce Address Management default permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-12101
04/30/2020 | 7.0 | 7.0 | SQLiteODBC sqliteodbc$ race condition | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-12050
04/30/2020 | 6.4 | 6.1 | SaltStack Salt ClearFuncs input validation | $0-$5k | $0-$5k | High | Official Fix | 0.06 | CVE-2020-11652
04/30/2020 | 8.5 | 8.2 | SaltStack Salt ClearFuncs input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-11651
04/30/2020 | 4.0 | 3.5 | Wagtail String Comparison timing discrepancy | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-11037
04/30/2020 | 5.7 | 5.0 | WordPress Block Editor neutralization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.21 | CVE-2020-11030
04/30/2020 | 4.9 | 4.3 | WordPress class-wp-object-cache.php stats cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-11029
04/30/2020 | 4.6 | 4.0 | WordPress Private Post access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-11028
04/30/2020 | 5.9 | 5.2 | WordPress Password Reset Link operation on a resource after expiration | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-11027
04/30/2020 | 6.4 | 5.6 | WordPress Media Section neutralization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.21 | CVE-2020-11026
04/30/2020 | 4.9 | 4.3 | WordPress Navigation Section cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-11025
04/30/2020 | 8.2 | 7.2 | IntelMQ Manager Backend os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-11016
04/30/2020 | 7.0 | 6.7 | thinx-device-api IoT Device Management Server MAC Address authentication spoofing | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | CVE-2020-11015
04/30/2020 | 5.8 | 5.5 | ansible-engine Archive path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-10691
04/30/2020 | 7.5 | 7.5 | BMC Control-M/Agent os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19220
04/30/2020 | 6.4 | 6.4 | BMC Control-M/Agent File Download information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-19219
