Archive 06/18/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished by multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CVE |
|---|---|---|---|---|---|---|---|---|
| 156955 | 5.5 | 5.5 | FusionSphere OpenStack Permission Management privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-9225 |
| 156954 | 7.3 | 6.4 | mversion Library Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-4059 |
| 156953 | 3.5 | 3.4 | Huawei Mate 30 Bluetooth information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-1835 |
| 156952 | 4.6 | 4.4 | Huawei P30/P30 Pro Software Package Integrity Check weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-1834 |
| 156951 | 6.6 | 6.6 | WSO2 Identity Server/IS as Key Manager Open Redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-14446 |
| 156950 | 4.2 | 4.2 | WSO2 Identity Server/IS as Key Manager Management Console Basic Policy Editor Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-14445 |
| 156949 | 4.7 | 4.7 | WSO2 Identity Server/IS as Key Manager Management Console Policy Administration Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-14444 |
| 156948 | 6.3 | 5.8 | Dolibarr ERP CRM card.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-14443 |
| 156947 | 7.5 | 7.2 | Netgear RBS850 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14442 |
| 156946 | 7.5 | 7.2 | Netgear RBS850 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14441 |
| 156945 | 7.5 | 7.2 | Netgear RBS850 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14440 |
| 156944 | 7.5 | 7.2 | Netgear RBS850 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14439 |
| 156943 | 7.5 | 7.2 | Netgear RBS850 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14438 |
| 156942 | 7.5 | 7.2 | Netgear RBS850 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14437 |
| 156940 | 5.9 | 5.6 | Netgear SRK60B06 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14435 |
| 156939 | 7.4 | 7.1 | Netgear RBS840 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14434 |
| 156938 | 7.4 | 7.1 | Netgear RBS750 command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14433 |
| 156937 | 6.2 | 5.9 | Netgear RBS850 cross site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-14432 |
| 156936 | 7.1 | 6.8 | Netgear RBS850 Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14431 |
| 156935 | 7.1 | 6.8 | Netgear RBS850 Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14430 |
| 156934 | 7.1 | 6.8 | Netgear RBS850 Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14429 |
| 156933 | 7.1 | 6.8 | Netgear RBS850 Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14428 |
| 156932 | 7.1 | 6.8 | Netgear RBS850 Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14427 |
| 156931 | 7.1 | 6.8 | Netgear RBS840 Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-14426 |
| 156930 | 2.6 | 2.5 | Convos Password Reset Settings.pm weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-14423 |
| 156929 | 5.3 | 5.3 | Python ipaddress.py IPv6Interface denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-14422 |
| 156928 | 6.3 | 6.3 | aaPanel Script Content Box Command privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-14421 |
| 156927 | 5.3 | 5.1 | CISOfy Lynis Access Control TOCTOU privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-13882 |
| 156926 | 6.3 | 6.3 | gVectors wpDiscuz Plugin wpdLoadMoreComments sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-13640 |
| 156925 | 5.5 | 5.1 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse() memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-12887 |
| 156924 | 5.5 | 4.9 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse() memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-12886 |
| 156923 | 3.5 | 3.3 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse_multiple_options() denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-12885 |
| 156922 | 5.5 | 5.1 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse_multiple_options() memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-12884 |
| 156921 | 5.5 | 5.1 | ARM Mbed OS CoAP Library sn_coap_parser_options_parse() memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-12883 |
| 156920 | 5.5 | 5.5 | Sophos XG Firewall awarrensmtp Heap-based memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2020-11503 |
| 156919 | 5.1 | 4.9 | Ansible Tower rsyslog Token information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-10782 |
| 156918 | 3.3 | 3.3 | CISOfy Lynis License Key information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | CVE-2019-13033 |
| 156917 | 5.5 | 5.3 | Linux Kernel slip.c memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | CVE-2020-14416 |
| 156912 | 6.6 | 6.3 | Cisco Cisco Email Security Appliance Antispam Protection Mechanism privilege escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | CVE-2020-3368 |
| 156911 | 6.3 | 6.1 | Cisco IOS XR Gigabit Ethernet Management Interface privilege escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | CVE-2020-3364 |
| 156910 | 3.6 | 3.4 | Cisco Network Services Orchestrator CLI Timing information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-3362 |
| 156909 | 6.8 | 6.5 | Cisco Webex Meetings/WebEx Meetings Server privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3361 |
| 156908 | 5.3 | 5.1 | Cisco IP Phone 7800/IP Phone 8800 Web-based Management Interface information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3360 |
| 156907 | 5.7 | 5.4 | Cisco Data Center Network Manager Web-based Management Interface Stored cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3356 |
| 156906 | 4.5 | 4.3 | Cisco Data Center Network Manager Web-based Management Interface Stored cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3355 |
| 156905 | 4.5 | 4.3 | Cisco Data Center Network Manager Web-based Management Interface Stored cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3354 |
| 156904 | 4.9 | 4.7 | Cisco AMP for Endpoints privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3350 |
| 156903 | 4.4 | 4.2 | Cisco Webex Meetings Desktop App information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | CVE-2020-3347 |
| 156902 | 8.0 | 7.7 | Cisco Webex Meetings Desktop App Software Update privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3342 |
| 156901 | 6.0 | 5.8 | Cisco Umbrella Web Application Open Redirect | $5k-$25k | $0-$5k | Not Defined | Official Fix | CVE-2020-3337 |