Archive 10/17/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

1628265.55.3Linux Kernel 64-bit Value verifier.c scalar32_min_max_or memory corruption$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-27194
1628256.86.8Overwolf access control$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-25214
1628226.56.2Juniper Junos Virtual Chassis resource consumption$0-$5k$0-$5kNot DefinedOfficial Fix0.08CVE-2020-1689
1628213.83.7ClearPass Junos Web API key management$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-1688
1628206.56.2Juniper Junos VXLAN resource consumption$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1687
1628197.57.2Juniper Junos vmcore double free$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1686
1628184.74.5Juniper Junos Firewall Filter information exposure$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-1685
1628177.57.2Juniper Junos HTTP Traffic resource consumption$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-1684
1628167.57.2Juniper Junos vmcore memory leak$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-1683
1628155.55.3Juniper Junos srxpfe denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.09CVE-2020-1682
1628146.56.2Juniper Junos NDP exceptional condition$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-1681
1628125.35.1Juniper Junos NAT64 format string$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-1680
1628117.57.2Juniper Junos Packet Forwarding Engine denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-1679
1628106.56.2Juniper Junos BGP Packet memory leak$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-1678
1628097.26.9Juniper Mist Cloud UI SAML Response improper authentication$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-1677
1628087.26.9Juniper Mist Cloud UI SAML Response improper authentication$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-1676
1628078.37.9Juniper Mist Cloud UI SAML improper authentication$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1675
1628065.45.2Juniper Junos MACsec Packet protection mechanism$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1674
1628054.34.1Juniper Junos J-Web cross site scripting$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-1673
1628047.57.2Juniper Junos jdhcpd denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-1672
1628037.57.2Juniper Junos JDHCPD out-of-bounds read$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1671
1628026.56.2Juniper Junos Routing Engine resource consumption$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-1670
1628014.34.1Juniper Junos Device Manager Container passwd credentials storage$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-1669
1628007.57.2Juniper Junos Routing Engine resource consumption$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-1668
1627998.37.9Juniper Junos Multiservices PIC Management Daemon race condition$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1667
1627984.13.9Juniper Junos System Console access control$0-$5k$0-$5kNot DefinedOfficial Fix0.09CVE-2020-1666
1627975.35.1Juniper Junos Packet Forwarding Engine denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2020-1665
1627967.87.5Juniper Junos Daemon stack-based overflow$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2020-1664
1627957.57.2Juniper Junos RPD denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-1662
1627945.35.1Juniper Junos jdhcp denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-1661
1627939.18.7Juniper Junos Multiservices PIC Management Daemon denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1660
1627927.57.2Juniper Junos key-management-daemon denial of service$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-1657
1627919.89.4Juniper Junos DHCPv6 Relay-Agent Service null pointer dereference$5k-$25k$0-$5kNot DefinedOfficial Fix0.01CVE-2020-1656
1627905.45.4EZCast Pro II Administration Panel information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2019-12305
1627896.96.9IBM Resilient OnPrem command injection$5k-$25k$5k-$25kNot DefinedNot Defined0.03CVE-2020-4636
1627885.65.6IBM Security Guardium Big Data Intelligence inadequate encryption$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2020-4254
1627875.55.3Apereo CAS Secret Key improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.09CVE-2020-27178
1627866.46.1Dell EMC NetWorker improper authorization$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-26183
1627856.05.7Dell EMC NetWorker privileges assignment$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-26182
1627847.16.8Wire URL shell.openExternal input validation$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2020-15258

Interested in the pricing of exploits?

See the underground prices here!