Archive 10/07/2020

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories shows which software types are affected most often.

Product »

Grouping vulnerabilities by product gives an overview. It makes it possible to assess a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and each of them influences the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today »

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease the exploit price over time, and under certain circumstances this happens very quickly.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 162347 | 6.5 | 6.5 | Samsung Mobile Device Pendingintent privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-26601 |
| 162346 | 5.5 | 5.5 | Samsung Mobile Device Auto Hotspot information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-26600 |
| 162345 | 4.4 | 4.4 | Samsung Mobile Device Dynamic Lockscreen improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-26599 |
| 162344 | 5.5 | 5.5 | LG Mobile Devices Network Management denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-26598 |
| 162343 | 5.5 | 5.5 | LG Mobile Devices Wi-Fi Subsystem denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-26597 |
| 162342 | 6.6 | 6.6 | socket.io-file input validation | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | CVE-2020-24807 |
| 162341 | 7.6 | 7.3 | Facebook WhatsApp/WhatsApp Business/WhatsApp for Portal RTP Extension Header out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1907 |
| 162340 | 6.6 | 6.4 | Facebook WhatsApp/WhatsApp Business E-AC-3 Audio Stream heap-based overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1906 |
| 162339 | 3.2 | 3.1 | Facebook WhatsApp Media ContentProvider URI information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-1905 |
| 162338 | 5.9 | 5.7 | Facebook WhatsApp/WhatsApp Business Attachment pathname traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-1904 |
| 162337 | 4.9 | 4.7 | Facebook WhatsApp/WhatsApp Business Unzip denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1903 |
| 162336 | 5.3 | 5.3 | Facebook WhatsApp/WhatsApp Business Google service cleartext transmission | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-1902 |
| 162335 | 4.8 | 4.6 | Facebook WhatsApp Message denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-1901 |
| 162334 | 7.5 | 7.2 | Zoho ManageEngine Applications Manager RCA module sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-16267 |
| 162333 | 7.5 | 7.2 | Zoho ManageEngine Applications Manager SAP Module sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-15927 |
| 162332 | 3.5 | 3.4 | xmpp-http-upload path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-15239 |
| 162331 | 5.5 | 5.5 | Electron Context Isolation sandbox | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-15215 |
| 162330 | 5.5 | 5.3 | Electron will-navigate sandbox | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-15174 |
| 162329 | 4.4 | 4.4 | GitLab cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-13345 |
| 162328 | 6.1 | 6.1 | GitLab Custom Project Template information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-13343 |
| 162327 | 3.5 | 3.5 | GitLab API denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-13333 |
| 162326 | 5.5 | 5.5 | HCL AppScan Enterprise Rule Update escape output | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-4326 |
| 162325 | 4.4 | 4.4 | HCL AppScan Enterprise REST API User Detail cryptographic issues | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-4325 |
| 162324 | 7.6 | 7.3 | Sierra Wireless ALEOS RPC Server unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8782 |
| 162323 | 6.6 | 6.6 | Sierra Wireless ALEOS improper authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-8781 |
| 162322 | 3.5 | 3.4 | hellojs Package cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-7741 |
| 162321 | 5.5 | 5.5 | phantomjs-seo URL server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-7739 |
| 162320 | 5.5 | 5.3 | MPD PPP Authentication out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-7466 |
| 162319 | 7.6 | 7.3 | MPD L2TP memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2020-7465 |
| 162318 | 4.5 | 4.5 | IBM MQ Appliance Log File information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-4528 |
| 162317 | 7.1 | 7.1 | D-Link DAP-1360U Ping privileges management | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.09 | CVE-2020-26582 |
| 162316 | 5.5 | 5.3 | Wireshark Facebook Zero Protocol Dissector packet-fbzero.c by infinite loop | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-26575 |
| 162315 | 6.5 | 6.5 | Leostream Connection Broker HTTP Header webquery.pl browser_client cross site scripting | $0-$5k | $0-$5k | Not Defined | Workaround | 0.07 | CVE-2020-26574 |
| 162314 | 5.5 | 5.5 | Wireshark BLIP Protocol Dissector packet-blip.c null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-25866 |
| 162313 | 5.5 | 5.5 | Wireshark MIME Multipart Dissector packet-multipart.c denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25863 |
| 162312 | 5.5 | 5.5 | Wireshark TCP Dissector packet-tcp.c denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25862 |
| 162311 | 6.3 | 6.1 | Crafter CMS Crafter Studio os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-25803 |
| 162310 | 6.3 | 6.1 | Crafter CMS Groovy Script os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-25802 |
| 162309 | 3.4 | 3.4 | QEMU pci.c ide_cancel_dma_sync null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25743 |
| 162308 | 3.4 | 3.3 | QEMU pci.c pci_change_irq_level null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25742 |