Archive 08/17/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Illustrating the assignment of these categories helps to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 160020 | 7.2 | 7.2 | Huawei E6878-370 WAN authorization | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-9241 |
| 160019 | 5.4 | 5.2 | Huawei Taurus-AL00B Lock Protection use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9237 |
| 160018 | 7.8 | 7.8 | Huawei FusionCompute improper authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-9233 |
| 160017 | 7.5 | 7.2 | EdgeMAX EdgeSwitch HTTP Interface command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-8233 |
| 160016 | 5.4 | 5.4 | EdgeMAX EdgeSwitch SNMP information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-8232 |
| 160015 | 5.4 | 5.4 | Nextcloud Desktop Client ASLR/DEP memory corruption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-8230 |
| 160014 | 5.8 | 5.6 | phpBB Image Dimension externally controlled reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-8226 |
| 160013 | 8.5 | 8.2 | Citrix XenMobile Server Access Control routine | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-8212 |
| 160012 | 8.5 | 8.2 | Citrix XenMobile Server command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-8211 |
| 160011 | 6.4 | 6.1 | Citrix XenMobile Server Credentials information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8210 |
| 160010 | 6.4 | 6.1 | Citrix XenMobile Server Access Control path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8209 |
| 160009 | 5.2 | 4.9 | Citrix XenMobile Server cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-8208 |
| 160008 | 8.5 | 7.5 | linux-cmdline Prototype privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-7704 |
| 160007 | 4.2 | 4.0 | Cisco Webex Meetings Desktop App User Interface input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-3502 |
| 160006 | 4.2 | 4.0 | Cisco Webex Meetings Desktop App User Interface input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-3501 |
| 160005 | 5.2 | 5.0 | Cisco StarOS memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3500 |
| 160004 | 4.6 | 4.4 | Cisco Webex Meeting Contacts information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-3472 |
| 160003 | 4.5 | 4.3 | Cisco UCS Director Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3464 |
| 160002 | 5.7 | 5.4 | Cisco Webex Meeting Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3463 |
| 160001 | 4.8 | 4.6 | Cisco IOS XR Border Gateway Protocol improper check for unusual conditions | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-3449 |
| 160000 | 6.6 | 6.3 | Cisco Cyber Vision Center Access Control access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3448 |
| 159999 | 4.9 | 4.7 | Cisco Email Security Appliance CLI log file | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3447 |
| 159998 | 5.4 | 5.2 | Cisco AnyConnect Secure Mobility Client IPC input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3435 |
| 159997 | 4.4 | 4.2 | Cisco AnyConnect Secure Mobility Client IPC input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3434 |
| 159996 | 7.8 | 7.5 | Cisco AnyConnect Secure Mobility Client IPC uncontrolled search path | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-3433 |
| 159995 | 4.3 | 4.1 | Cisco Webex Meeting Scheduled Meeting Template access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3413 |
| 159994 | 4.9 | 4.7 | Cisco Webex Meeting Scheduled Meeting Template access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3412 |
| 159993 | 6.4 | 6.1 | Cisco DNA Center information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3411 |
| 159992 | 6.9 | 6.6 | Cisco Small Business Smart/Managed Switch input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3363 |
| 159991 | 5.7 | 5.4 | Cisco Unified Communications Manager Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-3346 |
| 159990 | 7.4 | 7.4 | LuaJIT lj_err.c lj_err_run out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24372 |
| 159989 | 5.3 | 5.3 | Lua lgc.c release of reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24371 |
| 159988 | 6.3 | 6.3 | Lua ldebug.c integer underflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-24370 |
| 159987 | 6.4 | 6.4 | Lua ldebug.c stripped null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-24369 |
| 159986 | 7.5 | 7.5 | ShopXO os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24220 |
| 159985 | 8.5 | 8.5 | SourceCodester Online Shopping Alphaware sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2020-24208 |
| 159984 | 8.2 | 7.6 | ftp-srv PORT Command server-side request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-15152 |
| 159983 | 7.4 | 7.1 | Apache Shiro improper authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13933 |
| 159982 | 5.2 | 4.9 | Teradici PCoIP Management Console Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-13183 |
| 159981 | 7.5 | 7.2 | NoviFlow NoviWare Command-Line Interface os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-13122 |
| 159980 | 6.4 | 6.4 | Play Framework cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-12480 |
| 159964 | 7.5 | 7.5 | FusionCompute os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-9242 |
| 159963 | 3.5 | 3.5 | Huawei Mate 20 P2P Connection denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2020-9103 |
| 159962 | 8.5 | 8.5 | nis-utils setValue Prototype privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-7703 |
| 159961 | 8.5 | 8.5 | templ8 parse Prototype privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-7702 |
| 159960 | 5.9 | 5.9 | IBM Spectrum Virtualize LDAP privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.84 | CVE-2020-4686 |
| 159959 | 7.5 | 7.2 | Apache Solr input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13941 |
| 159958 | 8.5 | 8.2 | DB Soft SGLAC SVCManejador.svc Webservice ProcedimientoGenerico sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25 | CVE-2020-12606 |
