Exploits 05/04/2020

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 05/04/2020 | $5k-$25k | $0-$5k | | Google Earth Pro khcrypt Man-in-the-Middle weak encryption | Not Defined | | | 0.09 | CVE-2020-8896 |
| 05/04/2020 | $0-$5k | $0-$5k | | OKLOK Mobile Companion App information disclosure | Not Defined | | | 0.00 | CVE-2020-8792 |
| 05/04/2020 | $0-$5k | $0-$5k | | OKLOK Mobile Companion App API privilege escalation | Not Defined | | | 0.00 | CVE-2020-8791 |
| 05/04/2020 | $0-$5k | $0-$5k | | OKLOK Mobile Companion App Password Requirements weak authentication | Not Defined | | | 0.00 | CVE-2020-8790 |
| 05/04/2020 | $5k-$25k | $5k-$25k | | Dell Client Platform OS Recovery Image privilege escalation | Not Defined | | | 0.00 | CVE-2020-5343 |
| 05/04/2020 | $5k-$25k | $0-$5k | | RSA Archer Open Redirect | Not Defined | | | 0.00 | CVE-2020-5337 |
| 05/04/2020 | $5k-$25k | $0-$5k | | RSA Archer cross site scripting | Not Defined | | | 0.00 | CVE-2020-5336 |
| 05/04/2020 | $5k-$25k | $0-$5k | | RSA Archer cross site request forgery | Not Defined | | | 0.00 | CVE-2020-5335 |
| 05/04/2020 | $5k-$25k | $0-$5k | | RSA Archer DOM-Based cross site scripting | Not Defined | | | 0.00 | CVE-2020-5334 |
| 05/04/2020 | $5k-$25k | $0-$5k | | RSA Archer REST API privilege escalation | Not Defined | | | 0.00 | CVE-2020-5333 |
| 05/04/2020 | $5k-$25k | $0-$5k | | RSA Archer command injection | Not Defined | | | 0.00 | CVE-2020-5332 |
| 05/04/2020 | $0-$5k | $0-$5k | | RSA Archer Cache/Log File information disclosure | Not Defined | | | 0.00 | CVE-2020-5331 |
| 05/04/2020 | $5k-$25k | $5k-$25k | | IBM Spectrum Protect Plus directory traversal | Not Defined | | | 0.00 | CVE-2020-4209 |
| 05/04/2020 | $0-$5k | $0-$5k | | Soteria privilege escalation | Not Defined | | | 0.00 | CVE-2020-1732 |
| 05/04/2020 | $0-$5k | $0-$5k | | service-api XML Data Server-Side Request Forgery | Not Defined | | | 0.00 | CVE-2020-12642 |
| 05/04/2020 | $0-$5k | $0-$5k | | RoundCube Webmail Config Setting rcube_image.php Remote Code Execution | Not Defined | | | 0.08 | CVE-2020-12641 |
| 05/04/2020 | $0-$5k | $0-$5k | | RoundCube Webmail rcube_plugin_api.php Local File Inclusion | Not Defined | | | 0.09 | CVE-2020-12640 |
| 05/04/2020 | $0-$5k | $0-$5k | | PHPList template.php cross site scripting | Not Defined | | | 0.06 | CVE-2020-12639 |
| 05/04/2020 | $0-$5k | $0-$5k | | TP-LINK Omada Controller Software eap-web-3.2.6.jar directory traversal | Not Defined | | | 0.00 | CVE-2020-12475 |
| 05/04/2020 | $0-$5k | $0-$5k | | TP-LINK NC260/NC450 command injection | Not Defined | | | 0.00 | CVE-2020-12111 |
| 05/04/2020 | $0-$5k | $0-$5k | | TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450 Default Key weak encryption | Not Defined | | | 0.09 | CVE-2020-12110 |
| 05/04/2020 | $0-$5k | $0-$5k | | TP-LINK NC200/NC210/NC220/NC230/NC250/NC260/NC450 command injection | Not Defined | | | 0.00 | CVE-2020-12109 |
| 05/04/2020 | $0-$5k | $0-$5k | | TeamPass REST API privilege escalation | Not Defined | | | 0.00 | CVE-2020-11671 |
| 05/04/2020 | $0-$5k | $0-$5k | | OpenVPN Access Server Management Interface XXE denial of service | Not Defined | | | 0.00 | CVE-2020-11462 |
| 05/04/2020 | $5k-$25k | $0-$5k | | Zoom MSI Installer privilege escalation | Not Defined | | | 0.00 | CVE-2020-11443 |
| 05/04/2020 | $0-$5k | $0-$5k | | Ruby Heap-based memory corruption | Not Defined | | | 0.00 | CVE-2020-10933 |
| 05/04/2020 | $0-$5k | $0-$5k | | OKLOK Mobile Companion App Email Verification weak authentication | Not Defined | | | 0.00 | CVE-2020-10876 |
| 05/04/2020 | $0-$5k | $0-$5k | | QEMU virtiofsd denial of service | Not Defined | | | 0.00 | CVE-2020-10717 |
| 05/04/2020 | $0-$5k | $0-$5k | | Samba AD DC LDAP Server Use-After-Free denial of service | Not Defined | | | 0.00 | CVE-2020-10700 |
| 05/04/2020 | $0-$5k | $0-$5k | | KeyCloak denial of service | Not Defined | | | 0.00 | CVE-2020-10686 |
| 05/04/2020 | $0-$5k | $0-$5k | | LCDS LAquis SCADA privilege escalation | Not Defined | | | 0.00 | CVE-2020-10622 |
| 05/04/2020 | $0-$5k | $0-$5k | | LCDS LAquis SCADA information disclosure | Not Defined | | | 0.00 | CVE-2020-10618 |
| 05/04/2020 | $0-$5k | $0-$5k | | Doorkeeper authorized_applications.json information disclosure | Not Defined | | | 0.00 | CVE-2020-10187 |
| 05/04/2020 | $0-$5k | $0-$5k | | CoSoSys Endpoint Protector Header Injection privilege escalation | Not Defined | | | 0.00 | CVE-2019-13285 |
| 05/04/2020 | $0-$5k | $0-$5k | | Solarwinds Orion Platform Error information disclosure | Not Defined | | | 0.00 | CVE-2019-12864 |
| 05/04/2020 | $0-$5k | $0-$5k | | TensorFlow BMP Decoder decode_bmp_op.cc DecodeBmp Integer Overflow memory corruption | Not Defined | | | 0.00 | CVE-2018-21233 |
| 05/04/2020 | $5k-$25k | $5k-$25k | | SuSE Linux Enterprise Server 15 etc privilege escalation | Not Defined | | | 0.00 | CVE-2020-8018 |
| 05/04/2020 | $5k-$25k | $0-$5k | | Apache Syncope Template Remote Code Execution | Not Defined | | | 0.00 | CVE-2020-1961 |
| 05/04/2020 | $5k-$25k | $0-$5k | | Apache Syncope Template Remote Code Execution | Not Defined | | | 0.00 | CVE-2020-1959 |
| 05/04/2020 | $5k-$25k | $0-$5k | | Juniper Junos HTTP Service command injection directory traversal | Not Defined | | | 0.00 | CVE-2020-1631 |
| 05/04/2020 | $0-$5k | $0-$5k | | osTicket SLA Name class.sla.php cross site scripting | Not Defined | | | 0.05 | CVE-2020-12629 |
| 05/04/2020 | $0-$5k | $0-$5k | | Linux Kernel Reference Counter namespace.c pivot_root race condition denial of service | Not Defined | | | 0.00 | CVE-2020-12114 |
| 05/04/2020 | $0-$5k | $0-$5k | | Micro Focus Verastream Host Integrator information disclosure | Not Defined | | | 0.00 | CVE-2020-11842 |
| 05/04/2020 | $0-$5k | $0-$5k | | Apache Syncope EndUser UI Login Page cross site scripting | Not Defined | | | 0.00 | CVE-2019-17557 |
| 05/04/2020 | $0-$5k | $0-$5k | | Synology Router Manager Network Center Out-of-Bounds denial of service | Not Defined | | | 0.00 | CVE-2019-11823 |
| 05/04/2020 | $0-$5k | $0-$5k | | Calibre-Web Default Key weak authentication | Not Defined | | | 0.00 | CVE-2020-12627 |
| 05/04/2020 | $0-$5k | $0-$5k | | RoundCube Webmail cross site request forgery | Not Defined | | | 0.00 | CVE-2020-12626 |
| 05/04/2020 | $0-$5k | $0-$5k | | RoundCube Webmail rcube_washtml.php cross site scripting | Not Defined | | | 0.00 | CVE-2020-12625 |
