Archive 06/04/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 159436 | 3.3 | 2.9 | Microsoft Windows mshta.exe xml external entity reference | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | |
| 156211 | 3.3 | 3.3 | Athom Homey/Homey Pro Network Configuration cleartext storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-9462 |
| 156210 | 6.4 | 6.4 | url-regex Regular Expression resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-7661 |
| 156209 | 6.4 | 6.4 | MQTT Protocol resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-13849 |
| 156208 | 6.4 | 6.4 | Portable UPnP SDK SSDP Message service_table.c FindServiceEventURLPath null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13848 |
| 156202 | 3.9 | 3.9 | Samsung Mobile Devices DeX Lockscreen improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13838 |
| 156201 | 3.9 | 3.9 | Samsung Mobile Devices Lockscreen improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13837 |
| 156200 | 6.4 | 6.4 | Samsung Mobile Devices HWRResProvider path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13836 |
| 156199 | 6.7 | 6.7 | Samsung Mobile Devices Gatekeeper Trustlet insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13835 |
| 156198 | 7.4 | 7.4 | Samsung Mobile Devices Secure Folder authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13834 |
| 156197 | 8.2 | 8.2 | Samsung Mobile Devices System Area link following | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13833 |
| 156196 | 8.5 | 8.5 | Samsung Mobile Devices TEEGRIS memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-13832 |
| 156195 | 8.5 | 8.5 | Samsung Mobile Devices Trustonic Kinibi memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-13831 |
| 156194 | 6.4 | 6.4 | Samsung Mobile Devices One UI HOME Log information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-13830 |
| 156193 | 7.4 | 7.4 | Samsung Mobile Devices SEAndroid Protection Mechanism privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-13829 |
| 156192 | 5.9 | 5.6 | Foxit Reader/PhantomPDF resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13815 |
| 156191 | 8.0 | 7.7 | Foxit Reader/PhantomPDF Dictionary use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-13814 |
| 156190 | 6.5 | 6.3 | Foxit Studio Photo DLL FoxitStudioPhoto366_3.6.6.916.exe untrusted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13813 |
| 156189 | 6.5 | 6.3 | Foxit Studio Photo DLL untrusted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13812 |
| 156188 | 7.0 | 6.7 | Foxit Studio Photo out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13811 |
| 156187 | 4.6 | 4.6 | QEMU Recursion ati.c ati_mm_write infinite loop | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13800 |
| 156186 | 5.4 | 5.4 | QEMU pci.c out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Not Defined | 1.52 | CVE-2020-13791 |
| 156185 | 8.5 | 8.2 | MiniShare out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13768 |
| 156184 | 6.5 | 6.5 | QEMU loader.c rom_copy memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | CVE-2020-13765 |
| 156183 | 8.5 | 7.5 | PostgreSQL JDBC Driver xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-13692 |
| 156182 | 5.2 | 5.2 | Pydio Cells cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12853 |
| 156181 | 5.5 | 5.5 | Pydio Cells Software Update input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12852 |
| 156180 | 7.2 | 7.2 | Pydio Cells Web Application information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12851 |
| 156179 | 5.9 | 5.9 | Pydio Cells Web Application input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12847 |
| 156178 | 5.4 | 5.4 | Castel NextGen DVR Web Interface __RequestVerificationToken cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-11682 |
| 156177 | 6.2 | 6.2 | Castel NextGen DVR SMTP Server Credentials insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-11681 |
| 156176 | 6.4 | 6.4 | Castel NextGen DVR Authorization authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-11680 |
| 156175 | 7.5 | 7.5 | Castel NextGen DVR privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-11679 |
| 156174 | 4.4 | 4.2 | QEMU PAuth Support information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-10702 |
| 156173 | 7.4 | 7.1 | Foxit Reader/PhantomPDF Signature Validation signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.65 | CVE-2019-20837 |
| 156172 | 7.5 | 7.2 | Foxit Reader/PhantomPDF Cloud Credential information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.86 | CVE-2019-20836 |
| 156171 | 4.3 | 4.1 | Foxit Reader/PhantomPDF Homograph unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.65 | CVE-2019-20835 |
| 156170 | 7.4 | 7.1 | Foxit PhantomPDF Signature Validation signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.21 | CVE-2019-20834 |
| 156169 | 7.5 | 7.2 | Foxit PhantomPDF Cloud Credential insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.86 | CVE-2019-20833 |
| 156168 | 4.3 | 4.1 | Foxit PhantomPDF Homograph unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.81 | CVE-2019-20832 |
| 156167 | 6.4 | 6.1 | Foxit Reader/PhantomPDF 3D Plugin Beta denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.64 | CVE-2019-20831 |
| 156166 | 8.0 | 7.7 | Foxit Reader/PhantomPDF out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.17 | CVE-2019-20830 |
| 156165 | 5.9 | 5.6 | Foxit Reader/PhantomPDF FXSYS_wcslen null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | CVE-2019-20829 |
| 156164 | 7.4 | 7.1 | Foxit Reader/PhantomPDF Field AP buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.78 | CVE-2019-20828 |
| 156163 | 7.0 | 6.7 | Foxit Reader/PhantomPDF out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.17 | CVE-2019-20827 |
| 156162 | 5.9 | 5.6 | Foxit Reader/PhantomPDF null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.86 | CVE-2019-20826 |
| 156161 | 8.0 | 7.7 | Foxit PhantomPDF out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.73 | CVE-2019-20825 |
| 156160 | 5.9 | 5.6 | Foxit PhantomPDF FXSYS_wcslen null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.62 | CVE-2019-20824 |
| 156159 | 6.9 | 6.6 | Foxit PhantomPDF Field AP buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.51 | CVE-2019-20823 |
| 156158 | 8.0 | 7.7 | Foxit Reader/PhantomPDF 3D Plugin Beta out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.78 | CVE-2019-20822 |
