Archive 12/17/2020

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Grouping entries by these categories shows which software types are affected most.

Product

Grouping vulnerabilities by product gives an overview: it shows whether a landscape is homogeneous, or where the most important hotspots are in a heterogeneous one.

Remediation

Vendors and researchers look for countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation (an official fix, a temporary fix, or a workaround), each of which affects the risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability (for example whether only a proof of concept exists or a functional exploit is available) indicate how simple and how powerful an attack is.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties of a vulnerability, which are constant over time and across user environments. Our meta score merges all available scores from different sources into a single, more reliable result.

CVSSv3 Temp

CVSS temporal scores reflect the characteristics of a vulnerability that may change over time but not across user environments: exploit code maturity, remediation level and report confidence. We also provide our meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our algorithm estimates the 0-day price of an exploit, that is its value before it was distributed or became public. The calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects usually decrease an exploit's price over time, and under certain circumstances they do so very fast.

ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | 0-day price | Today price | Exploitability | Remediation | CTI | CVE
166513 | 5.5 | 5.5 | Hashicorp Vault Enterprise Sentinel EGP Policy Feature unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-35453
166512 | 9.8 | 9.8 | Memcached Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-35197
166511 | 9.8 | 9.8 | Rabbitmq Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-35196
166510 | 9.8 | 9.8 | Haproxy Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-35195
166509 | 9.8 | 9.8 | Influxdb Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-35194
166508 | 9.8 | 9.8 | Vault Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-35192
166507 | 9.8 | 9.8 | Drupal Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-35191
166506 | 9.8 | 9.8 | Plone Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-35190
166505 | 9.8 | 9.8 | Kong Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-35189
166504 | 9.8 | 9.8 | Chronograf Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-35188
166503 | 9.8 | 9.4 | Telegraf Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-35187
166502 | 9.8 | 9.8 | Adminer Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-35186
166501 | 9.8 | 9.8 | Ghost Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-35185
166500 | 9.8 | 9.8 | Composer Docker Image hard-coded password | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-35184
166499 | 3.5 | 3.5 | Hashicorp Vault/Vault Enterprise LDAP Auth Method information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-35177
166498 | 5.5 | 5.5 | Synacor Zimbra Collaboration Suite SAML Consumer Store Extension xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-35123
166497 | 4.3 | 4.3 | SSH Component denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-29652
166496 | 4.3 | 4.3 | Sonatype Nexus Repository Manager xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-29436
166495 | 6.3 | 6.3 | Magic Home Pro Application improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-27199
166494 | 6.3 | 6.3 | Oracle Application Server Websocket access control | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2020-25096
166493 | 3.5 | 3.5 | LogRhythm Platform Manager Websocket cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-25095
166492 | 8.8 | 8.8 | LogRhythm Platform Manager Websocket command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25094
166491 | 4.3 | 4.3 | Kyland KPS2204 webadminget.cgi information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-25011
166490 | 6.3 | 6.3 | Kyland KPS2204 Instruction unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-25010
166489 | 5.0 | 5.0 | Infraware ML Report MLReportDeamon.exe sub_41EAF0 stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-7837
166488 | 7.3 | 7.3 | connection-tester Package index.js injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-7781
166487 | 7.3 | 7.3 | Dell BSAFE Micro Edition Suite buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.10 | CVE-2020-5360
166486 | 7.3 | 7.3 | Dell BSAFE Micro Edition Suite return value | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-5359
166485 | 5.3 | 5.3 | IBM Financial Transaction Manager Login Dialog information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-4908
166484 | 5.3 | 5.3 | IBM Financial Transaction Manager information exposure | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-4907
166483 | 3.3 | 3.3 | IBM Financial Transaction Manager information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-4906
166482 | 3.7 | 3.7 | IBM Financial Transaction Manager cleartext transmission | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-4905
166481 | 4.3 | 4.3 | IBM Financial Transaction Manager cross-site request forgery | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-4904
166480 | 4.3 | 4.3 | IBM Sterling File Gateway Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-4658
166479 | 4.3 | 4.3 | IBM Sterling B2B Integrator Web UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-4657
166478 | 6.3 | 6.3 | Vmware macOS Sensor for VMware Carbon Black Cloud Installation Remote Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-4008
166477 | 6.3 | 6.3 | Irfan Skiljan IrfanView PCX File out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-35133
166476 | 6.3 | 6.3 | Pluck CMS unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-29607
166475 | 4.3 | 4.3 | Epson EPS TSE Server 8 Administrative Interface cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | CVE-2020-28931
166474 | 3.5 | 3.5 | Epson EPS TSE Server 8 users.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-28930
