Archive 12/09/2020

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine the most affected software types.

Product

Grouping vulnerabilities by product gives an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease exploit prices over time; under certain circumstances this happens very quickly.

ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
165977 | 4.3 | 4.1 | Adobe Acrobat Reader information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-29075
165937 | 6.3 | 6.0 | SAP NetWeaver AS JAVA Process Integration Monitoring unrestricted upload | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-26826
165936 | 3.2 | 3.1 | SAP AS JAVA Key Storage Service missing encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-26816
165935 | 5.5 | 5.3 | JupyterHub jupyterhub-systemdspawner API Token exposure of resource | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-26261
165934 | 6.3 | 6.0 | BookStack Image URL or injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-26260
165933 | 5.5 | 5.5 | WECON LeviStudioU Project File heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25199
165932 | 6.7 | 6.7 | imcat Picture unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-23520
165931 | 7.8 | 7.8 | Palo Alto Cortex XDR Agent uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-2049
165930 | 3.3 | 3.2 | Palo Alto Cortex XDR Agent Exception exceptional condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-2020
165929 | 7.3 | 7.3 | Apache NuttX Fragmentation out-of-bounds write | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-17529
165928 | 6.3 | 6.3 | Apache NuttX TCP Packet out-of-bounds write | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-17528
165927 | 5.4 | 5.2 | McAfee VirusScan Enterprise Windows Defender Application Control permission assignment | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-7337
165926 | 6.3 | 6.3 | JerryScript main-utils.c main_print_unhandled_exception out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-29657
165925 | 5.5 | 5.3 | python-py incorrect regex | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-29651
165924 | 7.0 | 6.7 | Apple iTunes Text File memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-9999
165923 | 7.0 | 6.7 | Apple macOS Text File memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-9999
165922 | 6.5 | 6.3 | Apple iOS/iPadOS use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9996
165921 | 6.5 | 6.3 | Apple macOS use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9996
165920 | 4.3 | 4.1 | Apple iOS/iPadOS Address Bar clickjacking | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-9993
165919 | 4.3 | 4.1 | Apple Safari Address Bar clickjacking | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | CVE-2020-9993
165918 | 4.3 | 4.1 | Apple watchOS Address Bar clickjacking | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9993
165917 | 5.9 | 5.6 | Apple tvOS denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9991
165916 | 5.9 | 5.6 | Apple iCloud denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9991
165915 | 5.9 | 5.6 | Apple iOS/iPadOS denial of service | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9991
165914 | 5.9 | 5.6 | Apple watchOS denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9991
165913 | 5.9 | 5.6 | Apple macOS denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9991
165912 | 4.4 | 4.2 | Apple iOS/iPadOS Message information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-9989
165911 | 4.4 | 4.2 | Apple watchOS Message information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9989
165910 | 4.4 | 4.2 | Apple macOS Message information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9989
165909 | 4.4 | 4.2 | Apple iOS/iPadOS Message information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-9988
165908 | 4.4 | 4.2 | Apple macOS Message information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-9988
165907 | 4.3 | 4.1 | Apple Safari Address Bar clickjacking | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08 | CVE-2020-9987
165906 | 7.0 | 6.7 | Apple macOS use after free | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9981
165905 | 7.0 | 6.7 | Apple tvOS use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9981
165904 | 7.0 | 6.7 | Apple iTunes use after free | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-9981
165903 | 7.0 | 6.7 | Apple iOS/iPadOS use after free | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2020-9981
165902 | 7.0 | 6.7 | Apple watchOS use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-9981
165901 | 4.4 | 4.2 | Apple iOS/iPadOS Entitlement Verification information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9977
165900 | 4.4 | 4.2 | Apple macOS Entitlement Verification information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-9977
165898 | 7.0 | 6.7 | Apple iOS/iPadOS USD File buffer overflow | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2020-9972