Archive 11/10/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 164728 | 6.9 | 6.2 | Microsoft Edge memory corruption | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | CVE-2020-17052 |
| 164727 | 7.5 | 6.7 | Microsoft Edge memory corruption | $100k and more | $25k-$100k | Proof-of-Concept | Official Fix | 0.05 | CVE-2020-17058 |
| 164726 | 7.8 | 6.8 | Microsoft Windows WalletService privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17037 |
| 164725 | 5.5 | 4.8 | Microsoft Windows WalletService information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07 | CVE-2020-16999 |
| 164724 | 7.8 | 6.8 | Microsoft Windows Update Orchestrator Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2020-17076 |
| 164723 | 7.8 | 6.8 | Microsoft Windows Update Stack privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2020-17077 |
| 164722 | 7.8 | 6.8 | Microsoft Windows Update Medic Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17070 |
| 164721 | 7.8 | 6.8 | Microsoft Windows USO Core Worker privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17075 |
| 164720 | 5.5 | 4.8 | Microsoft Windows Delivery Optimization information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | CVE-2020-17071 |
| 164719 | 7.8 | 6.8 | Microsoft Windows Update Orchestrator Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17073 |
| 164718 | 7.8 | 6.8 | Microsoft Windows Update Orchestrator Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17074 |
| 164717 | 5.5 | 4.8 | Microsoft Windows NDIS information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2020-17069 |
| 164716 | 7.8 | 7.2 | Microsoft Windows Kernel privileges management | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.06 | CVE-2020-17087 |
| 164715 | 7.8 | 6.8 | Microsoft Windows Kernel privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-17035 |
| 164714 | 6.8 | 5.9 | Microsoft Windows Defender for Endpoint Security information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17090 |
| 164713 | 5.5 | 4.8 | Microsoft Visual Studio unknown vulnerability | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2020-17100 |
| 164712 | 8.1 | 7.1 | Microsoft Visual Studio Code JSHint Extension input validation | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17104 |
| 164711 | 8.1 | 7.1 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17109 |
| 164710 | 8.1 | 7.1 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17108 |
| 164709 | 5.5 | 5.0 | Microsoft Windows Camera Codec information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2020-17113 |
| 164708 | 8.1 | 7.1 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17110 |
| 164707 | 8.1 | 7.1 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17107 |
| 164706 | 8.8 | 7.7 | Microsoft Raw Image Extension Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17078 |
| 164705 | 8.5 | 7.4 | Microsoft Raw Image Extension Local Privilege Escalation | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17079 |
| 164704 | 6.2 | 5.4 | Microsoft Raw Image Extension information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2020-17081 |
| 164703 | 8.8 | 7.7 | Microsoft Raw Image Extension Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17086 |
| 164702 | 8.8 | 7.7 | Microsoft Raw Image Extension Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-17082 |
| 164701 | 5.5 | 4.8 | Microsoft WebP Image Extension information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2020-17102 |
| 164700 | 8.8 | 7.7 | Microsoft AV1 Video Extension Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2020-17105 |
| 164699 | 8.1 | 7.1 | Microsoft HEIF Image Extension Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2020-17101 |
| 164698 | 8.1 | 7.1 | Microsoft HEVC Video Extensions Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-17106 |
| 164697 | 7.8 | 6.8 | Microsoft Windows Bind Filter Driver privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17012 |
| 164696 | 7.8 | 6.8 | Microsoft Windows Port Class Library privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2020-17011 |
| 164695 | 5.5 | 4.8 | Microsoft Windows Win32k information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2020-17013 |
| 164694 | 7.8 | 6.8 | Microsoft Windows Client Side Rendering Print Provider privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17024 |
| 164693 | 8.1 | 7.1 | Microsoft Windows privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2020-17025 |
| 164692 | 7.6 | 6.8 | Microsoft Windows Print Spooler privileges management | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | CVE-2020-17014 |
| 164691 | 7.3 | 6.3 | Microsoft Windows Error Reporting privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17007 |
| 164690 | 7.8 | 6.8 | Microsoft Windows Win32 privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2020-17010 |
| 164689 | 8.1 | 7.1 | Microsoft Windows privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | CVE-2020-17055 |
