Archive 09/09/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

1610896.15.8PHP PHAR File phar_parse_zipfile use after free$5k-$25k$0-$5kNot DefinedOfficial Fix0.21CVE-2020-7068
1610886.46.4libproxy url.cpp recvline out-of-bounds write$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2020-25219
1610878.58.5Yaws Web Server CGI os command injection$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-24916
1610868.58.5Yaws Web Server WebDAV xml external entity reference$0-$5k$0-$5kNot DefinedNot Defined0.02CVE-2020-24379
1610857.76.7Facebook Hermes Javascript Interpreter Remote Code Execution$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1913
1610847.76.7Facebook Hermes out-of-bounds read$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1912
1610838.98.5Nagios XI Backend Script privileges management$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-15903
1610825.15.1Siemens SIMATIC S7-300 CPU/SIMATIC S7-400 CPU Password insufficiently protected credentials$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2020-15791
1610815.35.1Siemens Spectrum Power Web Server information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-15790
1610806.26.2Siemens Polarion Subversion Webclient Web Application cross-site request forgery$5k-$25k$0-$5kNot DefinedNot Defined0.06CVE-2020-15789
1610795.25.2Siemens Polarion Subversion Webclient Web Application cross site scriting$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2020-15788
1610787.57.5Siemens SIMATIC HMI United Comfort Panel authentication bypass$5k-$25k$5k-$25kNot DefinedNot Defined0.08CVE-2020-15787
1610776.76.7Siemens SIMATIC HMI Basic Panel Brute Force excessive authentication$5k-$25k$5k-$25kNot DefinedNot Defined0.02CVE-2020-15786
1610764.24.2Siemens Siveillance Video Client NTLM Authentication cleartext transmission$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-15785
1610755.35.1Siemens Spectrum Power Configuration File User cleartext storage$5k-$25k$0-$5kNot DefinedOfficial Fix0.08CVE-2020-15784
1610748.27.2ACCEL-PPP l2tp memory corruption$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-15173
1610737.66.7Python TUF authorization$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-15163
1610727.57.2Loway QueueMetrics sql injection$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-13127
1610717.87.5Siemens License Management Utility lmgrd unnecessary privileges$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-10056
1610707.87.8Siemens SIMATIC RTLS Locating Manager Service unquoted search path$5k-$25k$5k-$25kNot DefinedNot Defined0.03CVE-2020-10051
1610697.87.5Siemens SIMATIC RTLS Locating Manager default permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-10050
1610686.36.0Siemens SIMATIC RTLS Locating Manager Startup Script default permission$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-10049
1610676.86.5Ingenico Telium 2 NTPT3 Local Privilege Escalation$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2018-17774
1610665.55.3Ingenico Telium 2 NTPT3 buffer overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2018-17773
1610655.55.3Ingenico Telium 2 TRACE Protocol code injection$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2018-17772
1610645.45.2Ingenico Telium 2 FTP hard-coded credentials$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2018-17771
1610635.35.1Ingenico Telium 2 NTPT3 Protocol buffer overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2018-17770
1610625.35.1Ingenico Telium 2 buffer overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2018-17769
1610616.86.5Ingenico Telium 2 TRACE Protocol Local Privilege Escalation$0-$5k$0-$5kNot DefinedOfficial Fix0.09CVE-2018-17768
1610605.55.3Ingenico Telium 2 ppp hard-coded credentials$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2018-17767
1610594.44.2Ingenico Telium 2 NTPT3 permission assignment$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2018-17766
1610586.86.5Ingenico Telium 2 TRACE Protocol Local Privilege Escalation$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2018-17765
1610575.45.2McAfee MVision Endpoint Symbolic Links link following$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-7325
1610565.75.4McAfee MVision Endpoint Access Control privileges management$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-7324
1610555.95.6McAfee Endpoint Security Authentication McTray.exe authentication bypass$5k-$25k$0-$5kNot DefinedOfficial Fix0.08CVE-2020-7323
1610543.33.2McAfee Endpoint Security information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-7322
1610535.85.6McAfee Endpoint Security Protection Mechanism protection mechanism$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-7320
1610527.06.7McAfee Endpoint Security Access Control access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-7319
1610514.34.3SAP 3D Visual Enterprise Viewer RLE File input validation$5k-$25k$5k-$25kNot DefinedNot Defined0.02CVE-2020-6361
1610504.34.3SAP 3D Visual Enterprise Viewer dib File input validation$5k-$25k$5k-$25kNot DefinedNot Defined0.08CVE-2020-6360

Want to stay up to date on a daily basis?

Enable the mail alert feature now!