Archive 08/11/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 159909 | 7.8 | 7.8 | EVGA Precision X1 Driver WinRing0.sys privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-14979 |
| 159686 | 7.0 | 6.7 | Adobe Acrobat Reader use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9722 |
| 159685 | 7.0 | 6.7 | Adobe Acrobat Reader use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9715 |
| 159684 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9704 |
| 159683 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9701 |
| 159682 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9700 |
| 159681 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9699 |
| 159680 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9698 |
| 159679 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9721 |
| 159678 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9720 |
| 159677 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9719 |
| 159676 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9718 |
| 159675 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9717 |
| 159674 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9716 |
| 159673 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.71 | CVE-2020-9710 |
| 159672 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.96 | CVE-2020-9707 |
| 159671 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-9706 |
| 159670 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.64 | CVE-2020-9705 |
| 159669 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.68 | CVE-2020-9723 |
| 159668 | 4.9 | 4.7 | Adobe Acrobat Reader resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.78 | CVE-2020-9703 |
| 159667 | 4.9 | 4.7 | Adobe Acrobat Reader resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 2.07 | CVE-2020-9702 |
| 159666 | 5.9 | 5.7 | Adobe Acrobat Reader authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9712 |
| 159665 | 5.9 | 5.7 | Adobe Acrobat Reader authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 1.73 | CVE-2020-9696 |
| 159664 | 7.0 | 6.7 | Adobe Acrobat Reader out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 1.70 | CVE-2020-9694 |
| 159663 | 7.0 | 6.7 | Adobe Acrobat Reader out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.18 | CVE-2020-9693 |
| 159662 | 7.0 | 6.7 | Adobe Acrobat Reader privileges management | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9714 |
| 159661 | 4.9 | 4.7 | Adobe Acrobat Reader information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-9697 |
| 159660 | 6.2 | 5.9 | PACTware Password insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.20 | CVE-2020-9404 |
| 159659 | 4.4 | 4.2 | PACTware Password insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9403 |
| 159658 | 5.5 | 5.3 | Huawei HonorV20 Encrypted File improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-9244 |
| 159657 | 4.2 | 3.8 | Google go-tpm TPM1.2 Library initialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8918 |
| 159656 | 2.5 | 2.4 | AWS S3 Crypto SDK for GoLang AES-GCM Key risky encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-8912 |
| 159655 | 4.2 | 4.0 | AWS S3 Crypto SDK for GoLang AES-CBC risky encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8911 |
| 159654 | 5.8 | 5.6 | Avaya Aura Communication Manager/Aura Messaging System Management Interface cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-7029 |
| 159653 | 6.4 | 6.4 | django-celery-results cleartext storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-17495 |
| 159652 | 5.9 | 5.9 | GNOME gnome-shell Password Box insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-17489 |
| 159651 | 7.4 | 7.4 | radare2 Signature x509.c null termination | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-17487 |
| 159650 | 8.5 | 8.5 | Turcom TRCwifiZone Redirect control.php improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2020-17466 |
| 159649 | 6.5 | 6.5 | Telegram Desktop Protection Mechanism authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-17448 |
| 159648 | 8.5 | 8.5 | Firejail os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-17368 |
| 159647 | 6.5 | 6.5 | Firejail os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-17367 |
| 159646 | 8.5 | 8.5 | Temi Application hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-16170 |
| 159645 | 6.4 | 6.4 | QEMU net_tx_pkt.c net_tx_pkt_add_raw_fragment input validation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2020-16092 |
| 159644 | 4.4 | 4.4 | Soplanning Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.25 | CVE-2020-15597 |
| 159643 | 5.2 | 5.2 | Symphony CMS content.blueprintsevents.php appendSubheading cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-15071 |
| 159642 | 4.4 | 4.2 | Teradici PCoIP Standard Agent/Graphics Agent Broker Protocol Message information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-13179 |
| 159641 | 5.4 | 5.2 | Teradici PCoIP Standard Agent/Graphics Agent Signature Validation insufficient verification of data authenticity | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25 | CVE-2020-13178 |
| 159640 | 6.5 | 6.3 | Teradici PCoIP Standard Agent/Graphics Agent Support Bundler uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-13177 |
| 159639 | 5.7 | 5.7 | Teradici Cloud Access Connector Management Interface Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13176 |
| 159638 | 6.4 | 6.4 | Teradici Cloud Access Connector Management Interface Credentials information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13175 |
