Archive 09/03/2020

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories helps to illustrate which software types are most affected.

Product

Grouping vulnerabilities by product gives an overview. This makes it possible to recognize a homogeneous landscape, or to identify the most important hotspots in a heterogeneous landscape.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and each influences risk differently.

Exploitability

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include reporting confidence, exploitability, and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, the existence of alternative exploits, and the availability of countermeasures. These dynamic aspects may decrease the exploit price over time; under certain circumstances this happens very fast.

ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE
160717 | 4.4 | 4.2 | Huawei Honor 20 Pro Module information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-9235
160716 | 5.5 | 5.5 | Huawei B2368-22/B2368-66 code injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-9199
160715 | 2.4 | 2.3 | Huawei Mate 20 Text input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9083
160714 | 5.7 | 5.5 | Rapid7 Nexpose Unquoted Search Path unquoted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2020-7382
160713 | 4.8 | 4.6 | Rapid7 Nexpose Installer code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-7381
160712 | 5.9 | 5.9 | IBM API Connect API Manager privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-4638
160711 | 6.4 | 6.4 | IBM API Connect User Registration privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4337
160710 | 6.4 | 6.1 | GnuPG/Gpg4win Key Import key-check.c Array Index buffer overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25125
160709 | 4.1 | 4.1 | vBulletin attachment.php&do=rebuild&type cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25124
160708 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25123
160707 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-25122
160706 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-25121
160705 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-25120
160704 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-25119
160703 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-25118
160702 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25117
160701 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-25116
160700 | 4.1 | 4.1 | vBulletin Admin CP cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-25115
160699 | 6.7 | 6.5 | Eramba Password Recovery password recovery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-25105
160698 | 4.4 | 4.3 | Eramba Attachment cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-25104
160697 | 5.2 | 5.2 | silverstripe-advancedreports item cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25102
160696 | 6.7 | 6.7 | Setelsa Conacwin /../../path/file_to_disclose path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-25068
160695 | 5.9 | 5.9 | Mara CMS unrestricted upload | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | CVE-2020-25042
160694 | 8.5 | 8.5 | Heybbs login.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25006
160693 | 8.5 | 8.5 | Heybbs msg.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25005
160692 | 8.5 | 8.5 | Heybbs user.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25004
160691 | 7.5 | 7.5 | Xpdf Error.cc fprintf out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24999
160690 | 7.5 | 7.5 | Xpdf Catalog.cc ~TextString initialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24996
160689 | 7.5 | 7.5 | php-fusion downloads.php privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-24949
160688 | 5.9 | 5.9 | Autoptimize Plugin Ajax unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-24948
160687 | 8.5 | 8.5 | Pancake Session Cookie hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24876
160686 | 5.4 | 5.2 | MidnightBSD/FreeBSD Kernel kern_getfsstat out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-24863
160685 | 4.4 | 4.2 | MidnightBSD/FreeBSD linux_emul.h em_find null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-24385
160684 | 8.5 | 8.5 | Sourcecodetester Daily Tracker System sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | CVE-2020-24193
160683 | 6.5 | 6.5 | Shenzhen Tencent App DLL uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24162
160682 | 6.5 | 6.5 | Guangzhou NetEase Mail Master DLL untrusted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-24161
160681 | 6.5 | 6.5 | Shenzhen Tencent TIM Windows Client DLL untrusted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-24160
160680 | 7.8 | 7.8 | Guangzhou NetEase Youdao Dictionary DLL untrusted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24159
160679 | 6.5 | 6.5 | 360 Speed Browser DLL untrusted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24158
160678 | 5.7 | 5.7 | xxl-job JobGroupController.java cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-23814
