Archive 10/15/2020

Type »

The moderation team works with the threat intelligence team to categorize the software affected by each vulnerability. Assigning these categories makes it possible to see which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. It shows whether a landscape is homogeneous, or where the most important hotspots are in a heterogeneous one.

Remediation »

Vendors and researchers look for countermeasures that mitigate security vulnerabilities. These come in different forms and levels of remediation (for example an official fix, a temporary fix or a workaround), and each level affects the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability (for example an unproven claim versus a proof-of-concept or a functional exploit) indicate how simple and how strong an attack is.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score captures the intrinsic properties of a vulnerability that stay constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity (exploitability), remediation level and report confidence. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.
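The relationship between the Base and Temp columns in the listing below is plain CVSS v3.1 arithmetic: Temporal = Roundup(Base x ExploitCodeMaturity x RemediationLevel x ReportConfidence), with the multipliers defined in the CVSS v3.1 specification and the Roundup() function from its Appendix A. The following is an added example, not VulDB's own code; it maps the labels the listing uses ("Proof-of-Concept", "Official Fix", "Not Defined") to the spec multipliers, assumes Report Confidence is Not Defined where the listing does not show it, and checks a handful of rows copied from the listing against the formula.

```python
# Added example (not VulDB code): CVSS v3.1 temporal score arithmetic,
# checked against rows copied from the listing on this page.
import math

# Temporal metric multipliers from the CVSS v3.1 specification.
EXPLOIT_CODE_MATURITY = {
    "Not Defined": 1.00,       # X
    "Unproven": 0.91,          # U
    "Proof-of-Concept": 0.94,  # P
    "Functional": 0.97,        # F
    "High": 1.00,              # H
}
REMEDIATION_LEVEL = {
    "Not Defined": 1.00,    # X
    "Official Fix": 0.95,   # O
    "Temporary Fix": 0.96,  # T
    "Workaround": 0.97,     # W
    "Unavailable": 1.00,    # U
}
REPORT_CONFIDENCE = {
    "Not Defined": 1.00,  # X
    "Unknown": 0.92,      # U
    "Reasonable": 0.96,   # R
    "Confirmed": 1.00,    # C
}


def roundup(value: float) -> float:
    """Roundup() as defined in CVSS v3.1 Appendix A: round up to one decimal,
    working on an integer scaled by 100000 so float noise cannot tip the result."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def temporal_score(base: float, exploitability: str, remediation: str,
                   report_confidence: str = "Not Defined") -> float:
    """Temporal = Roundup(Base x E x RL x RC); labels are the ones the listing uses.
    Report Confidence defaults to Not Defined because the listing does not show it (assumption)."""
    if base == 0.0:
        return 0.0
    return roundup(base
                   * EXPLOIT_CODE_MATURITY[exploitability]
                   * REMEDIATION_LEVEL[remediation]
                   * REPORT_CONFIDENCE[report_confidence])


# Rows copied from the listing on this page: (CVE, base, exploitability, remediation, listed temp).
LISTING_ROWS = [
    ("CVE-2020-17023", 7.0, "Proof-of-Concept", "Official Fix", 6.3),
    ("CVE-2020-17022", 7.8, "Proof-of-Concept", "Official Fix", 7.0),
    ("CVE-2020-6108",  5.5, "Not Defined",      "Not Defined",  5.5),
    ("CVE-2020-25859", 5.3, "Not Defined",      "Official Fix", 5.1),
    ("CVE-2020-21674", 3.1, "Not Defined",      "Official Fix", 3.1),
    ("CVE-2020-11642", 5.0, "Not Defined",      "Official Fix", 4.8),
    ("CVE-2020-7327",  6.7, "Not Defined",      "Official Fix", 6.4),
    ("CVE-2020-8349",  8.1, "Not Defined",      "Not Defined",  7.7),
]


def check_listing(rows):
    """Return (cve, listed_temp, computed_temp) for every row whose listed temporal
    score differs from what the CVSS arithmetic gives for the listed base, E and RL."""
    mismatches = []
    for cve, base, exp, rem, listed in rows:
        computed = temporal_score(base, exp, rem)
        if computed != listed:
            mismatches.append((cve, listed, computed))
    return mismatches


if __name__ == "__main__":
    for cve, base, exp, rem, listed in LISTING_ROWS:
        print(f"{cve}: base {base} E={exp} RL={rem} -> temporal "
              f"{temporal_score(base, exp, rem)} (listed {listed})")
    print("rows that deviate from plain CVSS arithmetic:", check_listing(LISTING_ROWS))
```

Six of the eight sampled rows reproduce exactly (7.0 x 0.94 x 0.95 = 6.251, rounded up to 6.3, and so on). The two that do not (the libarchive row, where an Official Fix would give 3.0 rather than the listed 3.1, and the Lenovo CNOS row, where 7.7 implies a 0.95 multiplier although the Remediation column says Not Defined) illustrate what the page says above: the listed temporal values are a meta score merged from several sources, so a reader who needs the pure CVSS figure for a given vector should recompute it rather than copy the column.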

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price reflects effects such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease an exploit's price over time, and under certain circumstances this happens very fast.

Entries archived on 10/15/2020. Columns: VulDB ID, CVSSv3 base score, CVSSv3 temporal score, title, 0-day exploit price, today exploit price, exploitability, remediation, a numeric score that is not labeled on the page, and CVE.

| ID | Base | Temp | Title | 0-day | Today | Exploitability | Remediation | Unlabeled | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 162824 | 7.0 | 6.3 | Microsoft Visual Studio Code JSON unknown vulnerability | $5k-$25k | $5k-$25k | Proof-of-Concept | Official Fix | 3.27 | CVE-2020-17023 |
| 162823 | 7.8 | 7.0 | Microsoft Windows Codecs Library memory corruption | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 2.94 | CVE-2020-17022 |
| 162748 | 5.5 | 5.5 | F2fs-Tools F2fs.Fsck f2fs Filesystem fsck_chk_orphan_node heap-based buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.33 | CVE-2020-6108 |
| 162747 | 3.5 | 3.5 | F2fs-Tools F2fs.Fsck f2fs Filesystem dev_read information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.33 | CVE-2020-6107 |
| 162746 | 3.5 | 3.5 | F2fs-Tools F2fs.Fsck Filesystem init_node_manager information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.39 | CVE-2020-6106 |
| 162745 | 5.5 | 5.5 | F2fs-Tools F2fs.Fsck f2fs Filesystem unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2020-6105 |
| 162744 | 3.5 | 3.5 | F2fs-Tools F2fs.Fsck f2fs Filesystem get_dnode_of_data information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26 | CVE-2020-6104 |
| 162743 | 5.3 | 5.1 | Qualcomm QCMAP SetGatewayUrl os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20 | CVE-2020-25859 |
| 162742 | 3.5 | 3.4 | Qualcomm QCMAP Mobile Hotspot QCMAP_Web_CLIENT Tokenizer denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.33 | CVE-2020-25858 |
| 162741 | 3.1 | 3.1 | libarchive Archive File archive_string.c archive_string_append_from_wcs out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | CVE-2020-21674 |
| 162740 | 4.3 | 4.1 | B&R GateManager 4260/GateManager 9250 log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.27 | CVE-2020-11646 |
| 162739 | 4.3 | 4.1 | B&R GateManager 4260/GateManager 9250 denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.27 | CVE-2020-11645 |
| 162738 | 4.3 | 4.1 | B&R GateManager 4260/GateManager 9250 Audit Log improper output neutralization for logs | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.34 | CVE-2020-11644 |
| 162737 | 4.3 | 4.1 | B&R GateManager 4260/GateManager 9250 information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.34 | CVE-2020-11643 |
| 162736 | 5.0 | 4.8 | B&R SiteManager files or directories accessible | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-11642 |
| 162735 | 5.0 | 4.8 | B&R SiteManager file inclusion | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.27 | CVE-2020-11641 |
| 162734 | 5.3 | 5.1 | B&R Automation Runtime TFTP Service memory leak | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-11637 |
| 162733 | 4.7 | 4.7 | com.mintegral.msdk:alphab Android SDK information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.40 | CVE-2020-7744 |
| 162732 | 7.3 | 7.3 | IBM Security Access Manager/Security Verify Access authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.40 | CVE-2020-4499 |
| 162731 | 6.3 | 6.3 | IBM Security Access Manager/Security Verify Access response splitting | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.47 | CVE-2019-4552 |
| 162730 | 6.7 | 6.4 | McAfee MVision Endpoint Core Trust Component security check for standard | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-7327 |
| 162729 | 6.7 | 6.4 | McAfee Active Response Core Trust Component security check for standard | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-7326 |
| 162728 | 6.7 | 6.4 | McAfee Application and Change Control MSI Configuration access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.27 | CVE-2020-7334 |
| 162727 | 5.6 | 5.4 | Veritas APTARE Login authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | CVE-2020-27157 |
| 162726 | 7.3 | 7.0 | Veritas APTARE Authorization authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | CVE-2020-27156 |
| 162725 | 3.5 | 3.5 | SAP 3D Visual Enterprise Viewer RH File denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.61 | CVE-2020-6376 |
| 162724 | 4.3 | 4.3 | SAP 3D Visual Enterprise Viewer CGM File denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-6375 |
| 162723 | 4.3 | 4.3 | SAP 3D Visual Enterprise Viewer JT File denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-6374 |
| 162722 | 4.3 | 4.3 | SAP 3D Visual Enterprise Viewer PDF File denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.28 | CVE-2020-6373 |
| 162721 | 4.3 | 4.3 | SAP 3D Visual Enterprise Viewer PDF File denial of service | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2020-6372 |
| 162720 | 4.3 | 4.3 | SAP NetWeaver Application Server ABAP information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-6371 |
| 162719 | 3.5 | 3.5 | SAP Business Planning and Consolidation cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-6368 |
| 162718 | 6.3 | 6.3 | SAP NetWeaver AS JAVA Start Page redirect | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-6365 |
| 162717 | 5.5 | 5.5 | SAP Solution Manager/Focused Run CA Introscope Enterprise Manager code injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-6364 |
| 162716 | 4.3 | 4.3 | SAP Commerce Cloud session expiration | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-6363 |
| 162715 | 3.5 | 3.5 | SAP Netweaver Enterprise Portal Fiori Framework Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.25 | CVE-2020-6323 |
| 162714 | 4.3 | 4.3 | SAP NetWeaver Application Server Java cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.33 | CVE-2020-6319 |
| 162713 | 3.5 | 3.5 | SAP Commerce Cloud Web CMS Components cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | CVE-2020-6272 |
| 162712 | 4.3 | 4.3 | Live Chat - Live Support cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-5642 |
| 162711 | 6.3 | 6.0 | BlueZ MGMT Event att.c disconnect_cb double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.48 | CVE-2020-27153 |
| 162710 | 6.3 | 6.0 | ThinkPad ThinkPad Stack Wireless Router authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2020-8350 |
| 162709 | 8.1 | 7.7 | Lenovo Cloud Networking Operating System REST API input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.56 | CVE-2020-8349 |
| 162708 | 7.8 | 7.5 | Lenovo HardwareScan Plugin Vantage Hardware Scan uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.48 | CVE-2020-8345 |
| 162707 | 7.8 | 7.5 | Lenovo Diagnostics DLL untrusted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8338 |
| 162706 | 4.5 | 4.5 | Lenovo/IBM System X Server BIOS Mode USB Driver toctou | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2020-8332 |
| 162705 | 6.3 | 6.0 | Rapid7 Nexpose sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.66 | CVE-2020-7383 |
| 162704 | 4.3 | 4.1 | McAfee ePolicy Orchestrator cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.25 | CVE-2020-7318 |
| 162703 | 4.3 | 4.1 | McAfee ePolicy Orchestrator cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.72 | CVE-2020-7317 |
| 162702 | 3.5 | 3.4 | Duo Network Gateway Log log file | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-3483 |
| 162701 | 5.3 | 5.3 | Duo Authentication for Windows Logon/RDP authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-3427 |
