Archive 08/27/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 160442 | 8.8 | 8.6 | Red Lion N-Tron 702-W/N-Tron 702M12-W privilege escalation | $0-$5k | $0-$5k | Not Defined | Workaround | 8.00- | CVE-2017-16544 |
| 160441 | 9.8 | 9.6 | Red Lion N-Tron 702-W/N-Tron 702M12-W Backdoor privilege escalation | $0-$5k | $0-$5k | Not Defined | Workaround | 8.99- | CVE-2020-16204 |
| 160440 | 6.1 | 6.0 | Red Lion N-Tron 702-W/N-Tron 702M12-W cross site request forgery | $0-$5k | $0-$5k | Not Defined | Workaround | 6.65- | CVE-2020-16208 |
| 160439 | 6.2 | 6.1 | Red Lion N-Tron 702-W/N-Tron 702M12-W cross site scripting | $0-$5k | $0-$5k | Not Defined | Workaround | 6.98- | CVE-2020-16206 |
| 160438 | 6.2 | 6.1 | Red Lion N-Tron 702-W/N-Tron 702M12-W cross site scripting | $0-$5k | $0-$5k | Not Defined | Workaround | 7.02- | CVE-2020-16210 |
| 160436 | 7.8 | 7.5 | Thomson Reuters Eikon E1 IOT Orchestrator Security privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 9.27- | CVE-2019-10679 |
| 160409 | 6.3 | 6.3 | Trend Micro Micro Deep Security/Vulnerability Protection Management Console Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.96 | CVE-2020-8602 |
| 160408 | 6.3 | 6.3 | Dell EMC Isilon OneFS/EMC PowerScale OneFS Likewise memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 4.12 | CVE-2020-5383 |
| 160407 | 6.9 | 6.9 | IBM Security Guardium Insights privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 3.92 | CVE-2020-4603 |
| 160406 | 5.4 | 5.4 | IBM WebSphere Application Server ND High Availability Deployment Manager cross site scripting | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 4.03 | CVE-2020-4575 |
| 160405 | 4.8 | 4.8 | IBM Security Guardium Insights HSTS information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 3.55 | CVE-2020-4175 |
| 160404 | 4.8 | 4.8 | IBM Security Guardium Insights weak encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 1.32 | CVE-2020-4174 |
| 160403 | 3.7 | 3.7 | IBM Security Guardium Insights information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.14 | CVE-2020-4172 |
| 160402 | 4.3 | 4.3 | IBM Security Guardium Insights Web Page information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.14 | CVE-2020-4171 |
| 160401 | 6.4 | 6.4 | IBM Security Guardium Insights weak encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.04 | CVE-2020-4169 |
| 160400 | 6.9 | 6.9 | IBM Security Guardium Insights privilege escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.12 | CVE-2020-4167 |
| 160399 | 5.3 | 5.3 | IBM Security Guardium Insights Error Message information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.04 | CVE-2020-4166 |
| 160398 | 7.2 | 6.9 | Cisco FXOS/NX-OS Fabric Services Crash denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.95 | CVE-2020-3517 |
| 160397 | 3.3 | 3.2 | Cisco UCS Manager CLI Restart denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85 | CVE-2020-3504 |
| 160396 | 8.0 | 7.7 | Cisco NX-OS Call Home OS Command Injection privilege escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.75 | CVE-2020-3454 |
| 160395 | 8.8 | 8.4 | Cisco NX-OS Data Management Engine privilege escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.56 | CVE-2020-3415 |
| 160394 | 6.9 | 6.6 | Cisco NX-OS Border Gateway Protocol denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.03 | CVE-2020-3398 |
| 160393 | 6.9 | 6.6 | Cisco NX-OS Border Gateway Protocol Restart denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.03 | CVE-2020-3397 |
| 160392 | 7.8 | 7.5 | Cisco Nexus 3000/Nexus 9000 Enable Secret privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.85 | CVE-2020-3394 |
| 160391 | 6.4 | 6.1 | Cisco NX-OS Protocol Independent Multicast Memory Leak denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.85 | CVE-2020-3338 |
| 160390 | 5.5 | 5.3 | OpenZFS User Permission privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94 | CVE-2020-24717 |
| 160389 | 5.5 | 5.3 | OpenZFS Permission privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.66 | CVE-2020-24716 |
| 160388 | 5.5 | 5.3 | Scalyr Agent SSL Certificate Validator weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.57 | CVE-2020-24715 |
| 160387 | 5.5 | 5.3 | Scalyr Agent SSL Certificate Validator weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.85 | CVE-2020-24714 |
| 160386 | 5.4 | 5.4 | WSO2 API Manager Try It Tool Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.57 | CVE-2020-24706 |
| 160385 | 7.5 | 7.5 | WSO2 API Manager Carbon Management Console Session Hijacking weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66 | CVE-2020-24705 |
| 160384 | 5.4 | 5.4 | WSO2 API Manager Try It Tool Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.75 | CVE-2020-24704 |
| 160383 | 7.5 | 7.5 | WSO2 API Manager Carbon Management Console Session Hijacking weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.75 | CVE-2020-24703 |
| 160382 | 3.5 | 3.4 | JetBrains YouTrack information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.65 | CVE-2020-24618 |
| 160381 | 3.5 | 3.1 | EyesOfNetwork eonweb admin_logs Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.66 | CVE-2020-24390 |
| 160380 | 7.3 | 7.3 | Projects World Travel Management System Pic Upload updatesubcategory.php Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.94 | CVE-2020-24203 |
| 160379 | 6.3 | 6.3 | Projects World House Rental File Upload Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66 | CVE-2020-24202 |
| 160378 | 6.3 | 6.3 | Online Bike Rental Vehicle Image Upload Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.75 | CVE-2020-24196 |
| 160377 | 3.5 | 3.5 | Online Hotel Booking System Pro PHP Registration Form Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.76 | CVE-2020-23984 |
| 160376 | 3.5 | 3.5 | Michael-Design iChat Realtime PHP Live Support System Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.75 | CVE-2020-23983 |
| 160375 | 3.5 | 3.5 | DesignMasterEvents Conference Management certificate.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66 | CVE-2020-23982 |
| 160374 | 3.5 | 3.5 | 13enforme CMS content.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66 | CVE-2020-23981 |
| 160373 | 6.3 | 6.3 | DesignMasterEvents Conference Management Administrator Login Page sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.37 | CVE-2020-23980 |
| 160372 | 6.3 | 6.3 | 13enforme CMS content.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.85 | CVE-2020-23979 |
| 160371 | 6.3 | 6.3 | Soluzione Globale Ecommerce CMS offerta.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66 | CVE-2020-23978 |
| 160370 | 3.5 | 3.5 | KandNconcepts Club CMS team.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.03 | CVE-2020-23977 |
| 160369 | 6.3 | 6.3 | Webexcels Ecommerce CMS content.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.75 | CVE-2020-23976 |
| 160368 | 3.5 | 3.5 | Webexcels Ecommerce CMS search.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.94 | CVE-2020-23975 |
| 160367 | 3.5 | 3.5 | Create-Project Manager Online Chat/Social Feed/Message/Client Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.94 | CVE-2020-23974 |
| 160366 | 6.3 | 6.3 | KandNconcepts Club CMS team.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.56 | CVE-2020-23973 |
