Archive 12/08/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 165750 | 7.6 | 6.6 | Microsoft Windows SMB information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17140 |
| 165749 | 7.9 | 6.9 | Microsoft Windows NTFS Remote Privilege Escalation | $25k-$100k | $25k-$100k | Unproven | Official Fix | 0.10 | CVE-2020-17096 |
| 165748 | 4.8 | 4.2 | Microsoft Windows Digital Media Receiver privileges management | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2020-17097 |
| 165747 | 6.8 | 5.9 | Microsoft Windows Lock Screen improper authentication | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17099 |
| 165746 | 9.0 | 7.8 | Microsoft Windows Hyper-V Remote Privilege Escalation | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2020-17095 |
| 165745 | 4.8 | 4.2 | Microsoft Windows Error Reporting information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2020-17094 |
| 165744 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-16962 |
| 165743 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-16963 |
| 165742 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2020-16964 |
| 165741 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2020-16961 |
| 165740 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-16959 |
| 165739 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-16958 |
| 165738 | 7.8 | 6.8 | Microsoft Windows Backup Engine privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2020-16960 |
| 165737 | 7.3 | 6.4 | Microsoft Visual Studio TS-Lint Extension code injection | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2020-17150 |
| 165736 | 7.3 | 6.4 | Microsoft Visual Studio code injection | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2020-17156 |
| 165735 | 7.3 | 6.4 | Microsoft Visual Studio Java Extension Pack code injection | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2020-17159 |
| 165734 | 7.8 | 6.8 | Microsoft Visual Studio Remote SSH Extension code injection | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2020-17148 |
| 165733 | 7.8 | 6.8 | Microsoft Windows Cloud Files Mini Filter Driver privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17134 |
| 165732 | 7.3 | 6.3 | Microsoft Windows Cloud Files Mini Filter Driver privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.08 | CVE-2020-17103 |
| 165731 | 7.8 | 6.8 | Microsoft Windows Overlay Filter protection mechanism | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17139 |
| 165730 | 7.8 | 6.8 | Microsoft Windows Network Connections Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2020-17092 |
| 165729 | 4.8 | 4.2 | Microsoft Windows Error Reporting information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | CVE-2020-17138 |
| 165728 | 6.5 | 5.7 | Microsoft Windows Kerberos protection mechanism | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2020-16996 |
| 165727 | 7.8 | 6.8 | Microsoft Windows Cloud Files Mini Filter Driver privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17136 |
| 165726 | 7.4 | 6.7 | Microsoft SharePoint privileges management | $5k-$25k | $5k-$25k | Proof-of-Concept | Official Fix | 0.07 | CVE-2020-17089 |
| 165725 | 8.7 | 7.8 | Microsoft SharePoint unknown vulnerability | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.08 | CVE-2020-17118 |
| 165724 | 8.8 | 7.7 | Microsoft SharePoint Remote Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-17121 |
| 165723 | 5.0 | 4.3 | Microsoft SharePoint information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07 | CVE-2020-17120 |
| 165722 | 8.0 | 7.0 | Microsoft SharePoint input validation | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17115 |
| 165721 | 7.3 | 6.4 | Microsoft Office/Office Web Apps/SharePoint Server Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.09 | CVE-2020-17122 |
| 165720 | 5.1 | 4.5 | Microsoft Excel information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2020-17126 |
| 165719 | 7.3 | 6.4 | Microsoft Excel Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-17127 |
| 165718 | 7.3 | 6.4 | Microsoft Excel Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2020-17125 |
| 165717 | 6.1 | 5.5 | Microsoft Outlook information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2020-17119 |
| 165716 | 7.3 | 6.4 | Microsoft Excel Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2020-17123 |
| 165715 | 7.3 | 6.4 | Microsoft PowerPoint Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2020-17124 |
| 165714 | 7.3 | 6.4 | Microsoft Excel Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2020-17129 |
| 165713 | 7.3 | 6.4 | Microsoft Excel Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2020-17128 |
| 165712 | 6.4 | 5.6 | Microsoft Excel protection mechanism | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2020-17130 |
| 165711 | 5.5 | 4.8 | Microsoft Windows GDI+ information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2020-17098 |
