Archive 09/11/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 161150 | 3.5 | 3.4 | Huawei Smartphone information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 5.06 | CVE-2020-9239 |
| 161149 | 4.6 | 4.4 | PrimeKey EJBCA Client Certificate weak authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.99 | CVE-2020-25276 |
| 161148 | 3.5 | 3.5 | Philips Patient Information Center iX Message Parser Restart denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.77 | CVE-2020-16224 |
| 161147 | 3.5 | 3.5 | Philips Patient Information Center iX Certificate Enrollment Service Crash denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.20 | CVE-2020-16220 |
| 161146 | 3.5 | 3.5 | Philips Patient Information Center iX Restart denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.06 | CVE-2020-16216 |
| 161145 | 4.3 | 4.3 | Philips Patient Information Center iX Surveillance Station privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.14 | CVE-2020-16212 |
| 161144 | 2.5 | 2.5 | Bluetooth Core LE/BR/EDR Man-in-the-Middle weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.63 | CVE-2020-15802 |
| 161143 | 5.6 | 5.0 | Ruby on Rails Action View cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.42 | CVE-2020-15169 |
| 161142 | 6.4 | 5.6 | ZeroMQ TCP Socket denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.06 | CVE-2020-15166 |
| 161141 | 8.8 | 8.4 | Xiaomi R3600 set_WAN6 Interface Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.06 | CVE-2020-14100 |
| 161140 | 5.5 | 5.3 | Xiaomi AI Speaker OTA memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.21 | CVE-2020-14096 |
| 161139 | 5.5 | 5.0 | Apache Cocoon StreamGenerator privilege escalation | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 2.42 | CVE-2020-11991 |
| 161138 | 2.2 | 2.2 | QNAP Helpdesk cross site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.21 | CVE-2018-19948 |
| 161137 | 4.3 | 4.3 | QNAP Helpdesk information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.28 | CVE-2018-19947 |
| 161136 | 4.6 | 4.6 | QNAP Helpdesk Certificate Validation weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.56 | CVE-2018-19946 |
| 161135 | 4.3 | 4.1 | InspIRCd pgsql Module Use-After-Free denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.13- | CVE-2020-25269 |
| 161134 | 5.5 | 5.3 | Taoensso Nippy Deserialization privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.78- | CVE-2020-24164 |
| 161133 | 5.5 | 5.5 | Philips Patient Information Center iX Certificate Revocation weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.41- | CVE-2020-16228 |
| 161132 | 5.5 | 5.5 | Philips Patient Information Center iX weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.41- | CVE-2020-16222 |
| 161131 | 3.5 | 3.5 | Philips Patient Information Center iX Web Application cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.13- | CVE-2020-16218 |
| 161130 | 5.5 | 5.5 | Philips Patient Information Center iX CSV File CSV Injection privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.20- | CVE-2020-16214 |
| 161129 | 4.3 | 4.1 | InspIRCd Silence Module Use-After-Free denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.64- | CVE-2019-20918 |
| 161128 | 3.5 | 3.4 | InspIRCd MySQL Module NULL Pointer Dereference denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.49- | CVE-2019-20917 |
| 161127 | 6.3 | 6.3 | Hyland OnBase JSON Deserialization privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 7.07- | CVE-2020-25260 |
| 161126 | 5.5 | 5.5 | Hyland OnBase XML Data Deserialization privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.86- | CVE-2020-25259 |
| 161125 | 5.5 | 5.5 | Hyland OnBase ASP.NET BinaryFormatter.Deserialize Code Execution | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.86- | CVE-2020-25258 |
| 161124 | 5.5 | 5.5 | Hyland OnBase XML Data XML External Entity | $0-$5k | $0-$5k | Not Defined | Not Defined | 5.41- | CVE-2020-25257 |
| 161123 | 5.5 | 5.5 | Hyland OnBase PKI Certificate/Private Key weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.48- | CVE-2020-25256 |
| 161122 | 4.3 | 4.3 | Hyland OnBase denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.43- | CVE-2020-25255 |
| 161121 | 6.3 | 6.3 | Hyland OnBase AddWorkViewLinkedServer sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 5.07- | CVE-2020-25254 |
| 161120 | 6.3 | 6.3 | Hyland OnBase sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.70- | CVE-2020-25253 |
| 161119 | 6.3 | 6.3 | Hyland OnBase Default Credentials weak authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.28- | CVE-2020-25252 |
| 161118 | 3.5 | 3.5 | Hyland OnBase Client weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.13- | CVE-2020-25251 |
| 161117 | 5.5 | 5.5 | Hyland OnBase Client Application Log privilege escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.85- | CVE-2020-25250 |
| 161116 | 5.5 | 5.5 | Hyland OnBase Client Application unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.41- | CVE-2020-25249 |
| 161115 | 5.5 | 5.5 | Hyland OnBase directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.63- | CVE-2020-25248 |
| 161114 | 5.5 | 5.5 | Hyland OnBase directory traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.43- | CVE-2020-25247 |
