Archive 08/11/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 159909 | 7.8 | 7.8 | EVGA Precision X1 Driver WinRing0.sys privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-14979 |
| 159686 | 7.0 | 6.7 | Adobe Acrobat Reader use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-9722 |
| 159685 | 7.0 | 6.7 | Adobe Acrobat Reader use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9715 |
| 159684 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9704 |
| 159683 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-9701 |
| 159682 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-9700 |
| 159681 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | CVE-2020-9699 |
| 159680 | 7.0 | 6.7 | Adobe Acrobat Reader buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9698 |
| 159679 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9721 |
| 159678 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2020-9720 |
| 159677 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9719 |
| 159676 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9718 |
| 159675 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9717 |
| 159674 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9716 |
| 159673 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9710 |
| 159672 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-9707 |
| 159671 | 3.8 | 3.7 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-9706 |
| 159670 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9705 |
| 159669 | 5.9 | 5.6 | Adobe Acrobat Reader out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-9723 |
| 159668 | 4.9 | 4.7 | Adobe Acrobat Reader resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9703 |
| 159667 | 4.9 | 4.7 | Adobe Acrobat Reader resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-9702 |
| 159666 | 5.9 | 5.7 | Adobe Acrobat Reader authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | CVE-2020-9712 |
| 159665 | 5.9 | 5.7 | Adobe Acrobat Reader authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | CVE-2020-9696 |
| 159664 | 7.0 | 6.7 | Adobe Acrobat Reader out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9694 |
| 159663 | 7.0 | 6.7 | Adobe Acrobat Reader out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-9693 |
| 159662 | 7.0 | 6.7 | Adobe Acrobat Reader privileges management | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-9714 |
| 159661 | 4.9 | 4.7 | Adobe Acrobat Reader information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9697 |
| 159660 | 6.2 | 5.9 | PACTware Password insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9404 |
| 159659 | 4.4 | 4.2 | PACTware Password insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9403 |
| 159658 | 5.5 | 5.3 | Huawei HonorV20 Encrypted File improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9244 |
| 159657 | 4.2 | 3.8 | Google go-tpm TPM1.2 Library initialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8918 |
| 159656 | 2.5 | 2.4 | AWS S3 Crypto SDK for GoLang AES-GCM Key risky encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-8912 |
| 159655 | 4.2 | 4.0 | AWS S3 Crypto SDK for GoLang AES-CBC risky encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-8911 |
| 159654 | 5.8 | 5.6 | Avaya Aura Communication Manager/Aura Messaging System Management Interface cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-7029 |
| 159653 | 6.4 | 6.4 | django-celery-results cleartext storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-17495 |
| 159652 | 5.9 | 5.9 | GNOME gnome-shell Password Box insufficiently protected credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-17489 |
| 159651 | 7.4 | 7.4 | radare2 Signature x509.c null termination | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-17487 |
| 159650 | 8.5 | 8.5 | Turcom TRCwifiZone Redirect control.php improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-17466 |
| 159649 | 6.5 | 6.5 | Telegram Desktop Protection Mechanism authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-17448 |
| 159648 | 8.5 | 8.5 | Firejail os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-17368 |
