Exploits 06/03/2020

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CVE |
|---|---|---|---|---|---|---|---|---|
| 06/03/2020 | $0-$5k | $0-$5k | | ClearPass Policy Manager Web UI Administrative Interface Command privilege escalation | Not Defined | | | CVE-2020-7117 |
| 06/03/2020 | $0-$5k | $0-$5k | | ClearPass Policy Manager Web UI Administrative Interface Command privilege escalation | Not Defined | | | CVE-2020-7116 |
| 06/03/2020 | $0-$5k | $0-$5k | | ClearPass Policy Manager Web Interface weak authentication | Not Defined | | | CVE-2020-7115 |
| 06/03/2020 | $0-$5k | $0-$5k | | Kibana TSVB Visualization Stored cross site scripting | Not Defined | | | CVE-2020-7015 |
| 06/03/2020 | $0-$5k | $0-$5k | | Elasticsearch Incomplete Fix CVE-2020-7009 privilege escalation | Not Defined | | | CVE-2020-7014 |
| 06/03/2020 | $0-$5k | $0-$5k | | Kibana TSVB Prototype privilege escalation | Not Defined | | | CVE-2020-7013 |
| 06/03/2020 | $0-$5k | $0-$5k | | Kibana Upgrade Assistant Code privilege escalation | Not Defined | | | CVE-2020-7012 |
| 06/03/2020 | $0-$5k | $0-$5k | | Elastic App Search Reference UI cross site scripting | Not Defined | | | CVE-2020-7011 |
| 06/03/2020 | $0-$5k | $0-$5k | | Elastic Cloud on Kubernetes Random Number Generator weak authentication | Not Defined | | | CVE-2020-7010 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Notification privilege escalation | Not Defined | | | CVE-2020-6504 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome information disclosure | Not Defined | | | CVE-2020-6503 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Security UI spoofing | Not Defined | | | CVE-2020-6502 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Content Security Policy privilege escalation | Not Defined | | | CVE-2020-6501 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome interstitials Address spoofing | Not Defined | | | CVE-2020-6500 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome AppCache privilege escalation | Not Defined | | | CVE-2020-6499 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome User Interface Domain spoofing | Not Defined | | | CVE-2020-6498 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Omnibox Domain spoofing | Not Defined | | | CVE-2020-6497 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Payments Use-After-Free memory corruption | Not Defined | | | CVE-2020-6496 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Developer Tools Sandbox privilege escalation | Not Defined | | | CVE-2020-6495 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Security UI Address spoofing | Not Defined | | | CVE-2020-6494 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome Use-After-Free memory corruption | Not Defined | | | CVE-2020-6493 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome v8 Heap-based memory corruption | Not Defined | | | CVE-2020-6453 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Google Chrome v8 Out-of-Bounds memory corruption | Not Defined | | | CVE-2020-6419 |
| 06/03/2020 | $0-$5k | $0-$5k | | OctoberCMS ImportExportController CSV Injection privilege escalation | Not Defined | | | CVE-2020-5299 |
| 06/03/2020 | $0-$5k | $0-$5k | | OctoberCMS ImportExportController Reflected cross site scripting | Not Defined | | | CVE-2020-5298 |
| 06/03/2020 | $0-$5k | $0-$5k | | OctoberCMS Permission File Upload privilege escalation | Not Defined | | | CVE-2020-5297 |
| 06/03/2020 | $0-$5k | $0-$5k | | OctoberCMS Permission denial of service | Not Defined | | | CVE-2020-5296 |
| 06/03/2020 | $0-$5k | $0-$5k | | OctoberCMS Permission information disclosure | Not Defined | | | CVE-2020-5295 |
| 06/03/2020 | $0-$5k | $0-$5k | | IBM Security Guardium Solr Dashboard denial of service | Not Defined | | | CVE-2020-4307 |
| 06/03/2020 | $0-$5k | $0-$5k | | IBM Security Guardium Default Key weak encryption | Not Defined | | | CVE-2020-4190 |
| 06/03/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Login Page information disclosure | Not Defined | | | CVE-2020-4187 |
| 06/03/2020 | $5k-$25k | $0-$5k | | IBM Security Guardium Web UI cross site scripting | Not Defined | | | CVE-2020-4182 |
| 06/03/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Command privilege escalation | Not Defined | | | CVE-2020-4180 |
| 06/03/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Default Key weak encryption | Not Defined | | | CVE-2020-4177 |
| 06/03/2020 | $0-$5k | $0-$5k | | WatermelonDB databaseadapterdestroyDeletedRecords sql injection | Not Defined | | | CVE-2020-4035 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco Identity Services Engine syslog Crash denial of service | Not Defined | | | CVE-2020-3353 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco Prime Infrastructure Web-based Management Interface sql injection | Not Defined | | | CVE-2020-3339 |
| 06/03/2020 | $0-$5k | $0-$5k | | Cisco Application Services Engine Key Store information disclosure | Not Defined | | | CVE-2020-3335 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco Application Services Engine API privilege escalation | Not Defined | | | CVE-2020-3333 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco WebEx Network Recording Player/Webex Player ARF File denial of service | Not Defined | | | CVE-2020-3322 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco WebEx Network Recording Player/Webex Player ARF File denial of service | Not Defined | | | CVE-2020-3321 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco WebEx Network Recording Player/Webex Player ARF File denial of service | Not Defined | | | CVE-2020-3319 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco Digital Network Architecture Logging Cleartext information disclosure | Not Defined | | | CVE-2020-3281 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco Unified Contact Center Express API Subsystem privilege escalation | Not Defined | | | CVE-2020-3267 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Cisco IOS privilege escalation | Not Defined | | | CVE-2020-3258 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Cisco IOS IOx Application Environment privilege escalation | Not Defined | | | CVE-2020-3257 |
| 06/03/2020 | $25k-$100k | $5k-$25k | | Cisco IOS IOx Application Environment privilege escalation | Not Defined | | | CVE-2020-3238 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco ISO IOx Application Environment privilege escalation | Not Defined | | | CVE-2020-3237 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco IOS/IOS XE SNMP Subsystem denial of service | Not Defined | | | CVE-2020-3235 |
| 06/03/2020 | $5k-$25k | $0-$5k | | Cisco IOS Virtual Console Default Credentials weak authentication | Not Defined | | | CVE-2020-3234 |
