Archive 04/28/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 154542 | 6.4 | 6.4 | NiFi Registry Logout session expiration | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-9482 |
| 154541 | 6.8 | 6.8 | fun-map Prototype resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-7644 |
| 154540 | 5.3 | 5.1 | FreeBSD TCP SYN-ACK Kernel Memory information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-7451 |
| 154539 | 8.5 | 8.5 | Ivanti Avalanche Apache HTTP Server sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-12442 |
| 154538 | 4.4 | 4.4 | php-fusion Event banners.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12438 |
| 154537 | 5.4 | 5.1 | libvirt qemu_driver.c qemuDomainGetStatsIOThread memory leak | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-12430 |
| 154536 | 8.5 | 8.5 | Online Course Registration change-password.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2020-12429 |
| 154535 | 4.4 | 4.4 | Open-AudIT cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | CVE-2020-12261 |
| 154534 | 6.4 | 6.1 | OpenLDAP slapd filter.c resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-12243 |
| 154533 | 7.5 | 7.5 | Tiny File Manager Ajax File Copy path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-12103 |
| 154532 | 6.3 | 6.3 | Tiny File Manager Ajax path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12102 |
| 154531 | 5.9 | 5.2 | Electron Cash SLP Edition Mint Tool privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-11014 |
| 154530 | 7.4 | 7.4 | JSON Gem Object input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-10663 |
| 154529 | 6.4 | 6.1 | Ignition 8 Gateway Logging Route access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-10641 |
| 154528 | 8.5 | 8.2 | OpenThread GeneratePskc out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-20791 |
| 154527 | 5.4 | 5.2 | FreeBSD ioctl Command input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2019-15877 |
| 154526 | 5.4 | 5.2 | FreeBSD ioctl Command privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-15876 |
| 154525 | 4.8 | 4.8 | Sales Force Assistant cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-5570 |
| 154524 | 4.3 | 4.3 | IBM WebSphere Application Server/Liberty information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-4329 |
| 154523 | 3.4 | 3.4 | OTRS Certificates Download insertion of sensitive information into sent data | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | CVE-2020-1774 |
| 154522 | 7.9 | 7.9 | Undertow AJP Connector improper authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-1745 |
| 154521 | 5.3 | 5.1 | Octopus Deploy TaskView Permission information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2020-12286 |
| 154520 | 8.5 | 8.5 | FFmpeg cbs_jpeg.c cbs_jpeg_split_fragment out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-12284 |
| 154519 | 7.5 | 7.5 | Open-AudIT exec injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-12078 |
| 154518 | 4.4 | 3.9 | Hashicorp Nomad/Nomad Enterprise Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-10944 |
| 154517 | 4.4 | 4.4 | Lexmark Printer cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-10094 |
| 154516 | 4.4 | 4.3 | Lexmark Pro910 Inkjet cross site scripting | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | CVE-2020-10093 |
| 154515 | 7.5 | 7.2 | Netgear JNR1010v2/JWNR2010v5/WNR1000v4/WNR2020/WNR2050 improper authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21226 |
| 154514 | 6.1 | 5.9 | Netgear R9000 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21225 |
| 154513 | 7.5 | 7.2 | Netgear WNR2000v5 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21224 |
| 154512 | 7.5 | 7.2 | Netgear WNR2000v5 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2018-21223 |
| 154511 | 7.5 | 7.2 | Netgear WNR2000v5 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21222 |
| 154510 | 7.5 | 7.2 | Netgear D3600/D6000/R9000 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2018-21221 |
| 154509 | 7.5 | 7.2 | Netgear WNR2000v5 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21220 |
| 154508 | 7.5 | 7.2 | Netgear WNR2000v5 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21219 |
| 154507 | 7.5 | 7.2 | Netgear WNR2000v5 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21218 |
| 154506 | 7.5 | 7.2 | Netgear D3600/D6000/D6100/R6100 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21217 |
| 154505 | 7.5 | 7.2 | Netgear D3600/D6000/D6100/R6100 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2018-21216 |
| 154504 | 7.5 | 7.2 | Netgear WN3100RPv2 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-21215 |
| 154503 | 7.5 | 7.2 | Netgear WN3100RPv2 memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2018-21214 |
