Archive 04/14/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1532897.37.0Microsoft Windows Work Folder Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-1094
1532884.84.6Microsoft Dynamics 365 cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-1050
1532874.44.3Microsoft Dynamics 365 cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-1049
1532867.37.0Microsoft Windows Connected User Experiences/Telemetry Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1029
1532857.57.2Microsoft Research JavaScript Cryptography Library ECC calculation$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1026
1532847.37.0Microsoft Windows Adobe Font Manager Library input validation$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-1020
1532837.06.7Microsoft RMS Sharing for Mac privileges management$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-1019
1532826.46.1Microsoft Dynamics NAV information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1018
1532817.06.7Microsoft Windows Push Notification Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1017
1532805.14.9Microsoft Windows Push Notification Service information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-1016
1532797.37.0Microsoft Windows User-Mode Power Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.07CVE-2020-1015
1532787.37.0Microsoft Windows Update Client privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-1014
1532777.37.0Microsoft Windows System Assessment Tool privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1011
1532767.06.7Microsoft Windows Store Install Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1009
1532757.06.7Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1008
1532745.14.9Microsoft Windows Kernel information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1007
1532737.37.0Microsoft Windows Push Notification Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1006
1532728.17.8Microsoft Windows Kernel privileges management$100k and more$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1003
1532716.26.0Microsoft Forefront Endpoint Protection MpSigStub.exe privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-1002
1532707.37.0Microsoft Windows Notification Service privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-1001
1532698.17.8Microsoft Windows Kernel privileges management$100k and more$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-1000
1532687.06.7Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0999
1532677.87.5Microsoft Windows Update Stack privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0996
1532667.06.7Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0995
1532657.06.7Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0994
1532645.85.5Microsoft Windows DNS resource consumption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0993
1532637.06.7Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0992
1532627.06.7Microsoft Office memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0991
1532617.06.7Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0988
1532605.14.9Microsoft Windows Graphics Component information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0987
1532597.37.0Microsoft Windows Update Stack privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0985
1532586.56.3Microsoft AutoUpdate for Mac privileges management$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0984
1532577.37.0Microsoft Windows privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0983
1532565.14.9Microsoft Windows Graphics Component information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0982
1532557.16.8Microsoft Windows Token Security Feature injection$25k-$100k$5k-$25kNot DefinedOfficial Fix0.04CVE-2020-0981
1532547.06.7Microsoft Office/SharePoint/Word memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0980
1532537.57.2Microsoft Office 365 ProPlus Excel memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0979
1532524.44.3Microsoft SharePoint Enterprise Server cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0978
1532514.44.3Microsoft SharePoint Enterprise Server input validation$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-0977
1532504.44.3Microsoft SharePoint Enterprise Server/SharePoint Foundation input validation$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0976
1532494.44.3Microsoft SharePoint Enterprise Server input validation$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0975
1532484.44.3Microsoft SharePoint Enterprise Server cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0973
1532474.44.3Microsoft SharePoint Enterprise Server input validation$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0972
1532467.57.2Microsoft SharePoint Enterprise Server Application Package unrestricted upload$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0971
1532457.57.2Microsoft Internet Explorer VBScript memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0966
1532447.47.1Microsoft Windows GDI+ memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-0964
1532434.84.6Microsoft Windows Win32k information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.07CVE-2020-0962
1532427.06.7Microsoft Office Access Connectivity Engine memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0961
1532416.76.4Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0960
1532406.76.4Microsoft Windows JET Database Engine memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0959

Do you need the next level of professionalism?

Upgrade your account now!