Archive 10/14/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1626497.07.0Foxit PhantomPDF GIF File access control$0-$5k$0-$5kNot DefinedNot Defined0.09CVE-2020-17410
1626932.52.5Telegram Desktop Export Telegram Data wizard improper authentication$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-25824
1626924.74.7Trend Micro Antivirus Kernel Extension information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2020-25778
1626915.55.5Trend Micro Antivirus Web Threat Protection access control$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2020-25777
1626904.84.6United Planet Intrexx Professional cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-24188
1626897.87.5Google Android Kernel binder.c binder_release_work use after free$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0423
1626883.33.2Google Android Pendingintent NotificationImportExportListener.java constructImportFailureNotification information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0422
1626876.56.3Google Android Error Handling String8.cpp appendFormatV privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0421
1626866.56.3Google Android Permission Check GpuService.cpp setUpdatableDriverPath memory corruption$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0420
1626854.44.2Google Android Permission Check PackageInstallerSession.java generateInfo information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0419
1626846.86.5Google Android Settings Screen permission$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0416
1626834.44.2Google Android SystemUI information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0415
1626825.45.1Google Android Audio Buffer Threads.cpp threadLoop information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0414
1626816.46.1Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp information disclosure$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0413
1626803.33.2Google Android ActivityManagerService.java setProcessMemoryTrimLevel information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0412
1626795.45.1Google Android AACExtractor.cpp ~AACExtractor out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0411
1626784.44.2Google Android Pendingintent SapServer.java setNotification information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0410
1626776.56.3Google Android String16.cpp remove integer overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.06CVE-2020-0408
1626764.44.2Google Android Pendingintent NotificationMgr.java showDataRoamingNotification information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0400
1626754.44.2Google Android PendingIntent Error NotificationMgr.java updateMwi information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0398
1626744.44.2Google Android Permission Check PasspointManager.java onWnmFrameReceived information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-0378
1626736.46.4Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp out-of-bounds read$25k-$100k$25k-$100kNot DefinedOfficial Fix0.06CVE-2020-0377
1626727.37.0Google Android out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0376
1626717.37.0Google Android out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.30CVE-2020-0371
1626707.37.0Google Android out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.40CVE-2020-0367
1626697.37.0Google Android out-of-bounds read$5k-$25k$5k-$25kNot DefinedOfficial Fix0.00CVE-2020-0339
1626687.37.0Google Android out-of-bounds write$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2020-0283
1626674.44.2Google Android Permission Check UiccAccessRule.java getCarrierPrivilegeStatus information disclosure$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0246
1626667.07.0Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Data Segment denial of service$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-6087
1626656.66.6Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Data Segment denial of service$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-6086
1626645.55.5Allen-Bradley Flex IO 1794-AENT-B ENIP Request Path Port Segment denial of service$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2020-6083
1626636.66.4LAquis SCADA Project File out-of-bounds read$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-25188
1626627.17.1IProom MMC+ Server Login Page redirect$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-24551
1626616.56.3Google Android SurfaceFlinger SurfaceFlinger.cpp createLayer privileges management$25k-$100k$5k-$25kNot DefinedOfficial Fix0.72CVE-2019-2194
1626605.45.2Siemens DCA Vantage Analyzer Onboard Database hard-coded password$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-7590
1626597.06.7McAfee Total Protection Task Scheduling privileges management$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-7330
1626584.84.8Trend Micro Antivirus Internationalized Domain Name access control$5k-$25k$5k-$25kNot DefinedNot Defined0.08CVE-2020-25779
1626575.65.4Linux Kernel Geneve Endpoint cleartext transmission$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-25645
1626567.07.0Foxit Reader Annotation Object use after free$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-17417
1626557.07.0Foxit Reader JPEG2000 Image out-of-bounds write$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-17416
1626548.38.3Foxit PhantomPDF Update Service permission assignment$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2020-17415
1626538.38.3Foxit Reader Update Service permission$0-$5k$0-$5kNot DefinedNot Defined0.17CVE-2020-17414
1626527.07.0Foxit PhantomPDF U3D Object stack-based overflow$0-$5k$0-$5kNot DefinedNot Defined0.09CVE-2020-17413
1626516.06.0Foxit PhantomPDF U3D Object information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.09CVE-2020-17412
1626503.83.8Foxit PhantomPDF U3D Object information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.20CVE-2020-17411
1626485.45.4Netgear R6120/R6080/R6260/R6220/R6020/JNR3210/WNR2020 mini_httpd Service improper authentication$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2020-17409
1626478.58.2Microhard Bullet-LTE Authentication Header stack-based overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-17407
1626468.88.4Microhard Bullet-LTE tools.sh improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-17406
1626455.55.5Siemens DCA Vantage Analyzer Kiosk Mode access control$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-15797
1626447.06.7Channelmgnt Plug-In ACL access control$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-15251

Interested in the pricing of exploits?

See the underground prices here!