Exploits 06/29/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 06/29/2020 | $25k-$100k | $5k-$25k | | Palo Alto PAN-OS SAML Authentication signature verification | Not Defined | | | 0.07 | CVE-2020-2021 |
| 06/29/2020 | $5k-$25k | $0-$5k | | SuSE SUSE Linux Enterprise Module for Development Tools osc file inclusion | Not Defined | | | 0.06 | CVE-2019-3681 |
| 06/29/2020 | $5k-$25k | $5k-$25k | | OpenSSH Algorithm Negotiation information disclosure | Not Defined | | | 0.06 | CVE-2020-14145 |
| 06/29/2020 | $5k-$25k | $0-$5k | | SuSE Linux Enterprise Debuginfo Symlink symlink | Not Defined | | | 0.06 | CVE-2020-8019 |
| 06/29/2020 | $5k-$25k | $0-$5k | | SuSE Enterprise Storage Tomcat Package default permission | Not Defined | | | 0.00 | CVE-2020-8022 |
| 06/29/2020 | $5k-$25k | $0-$5k | | Avast/AVG Free Antivirus Hard Link privileges management | Not Defined | | | 0.00 | CVE-2020-13657 |
| 06/29/2020 | $5k-$25k | $0-$5k | | IBM API Connect missing encryption | Not Defined | | | 0.00 | CVE-2020-4452 |
| 06/29/2020 | $5k-$25k | $0-$5k | | IBM Business Automation Workflow Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2020-4557 |
| 06/29/2020 | $0-$5k | $0-$5k | | MK-AUTH auth os command injection | Not Defined | | | 0.07 | CVE-2020-14072 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15320 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15323 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15321 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15322 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager RSA SSH Key axess hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15317 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager RSA SSH Key hard-coded credentials | Not Defined | | | 0.02 | CVE-2020-15314 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager RSA SSH Key mysql hard-coded credentials | Not Defined | | | 0.06 | CVE-2020-15319 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager DSA SSH Key mysql hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15318 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager DSA SSH Key axess hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15315 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager ECDSA SSH Key axess hard-coded credentials | Not Defined | | | 0.02 | CVE-2020-15316 |
| 06/29/2020 | $0-$5k | $0-$5k | | Sophos XG Firewall HTTPS Bookmark buffer overflow | Not Defined | | | 0.05 | CVE-2020-15069 |
| 06/29/2020 | $0-$5k | $0-$5k | | OpenJPEG opj_decompress.c opj_image_destroy use after free | Not Defined | | | 0.05 | CVE-2020-15389 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager xmpp_config.py Credentials hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15324 |
| 06/29/2020 | $0-$5k | $0-$5k | | thingsSDK WiFi Scanner injection | Not Defined | | | 0.00 | CVE-2020-15362 |
| 06/29/2020 | $0-$5k | $0-$5k | | Baxter Spectrum WBM FTP Service operation after expiration | Not Defined | | | 0.00 | CVE-2020-12043 |
| 06/29/2020 | $0-$5k | $0-$5k | | NeDi System-Snapshot.php os command injection | Not Defined | | | 0.05 | CVE-2020-14412 |
| 06/29/2020 | $0-$5k | $0-$5k | | Baxter Spectrum WBM Telnet Command-Line Interface permission assignment | Not Defined | | | 0.00 | CVE-2020-12041 |
| 06/29/2020 | $0-$5k | $0-$5k | | NeDi pwsec.php os command injection | Not Defined | | | 0.00 | CVE-2020-14414 |
| 06/29/2020 | $0-$5k | $0-$5k | | Brocade Network Advisor JBoss Administration Interface hard-coded credentials | Not Defined | | | 0.00 | CVE-2018-6446 |
| 06/29/2020 | $0-$5k | $0-$5k | | OAuth2 Proxy redirect | Not Defined | | | 0.01 | CVE-2020-4037 |
| 06/29/2020 | $0-$5k | $0-$5k | | Baxter ExactaMix EM 1200/ExactaMix EM 2400 Startup Script exposure of resource | Not Defined | | | 0.00 | CVE-2020-12020 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager DSA SSH Key hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15312 |
| 06/29/2020 | $0-$5k | $0-$5k | | ZyXEL CloudCNM SecuManager ECDSA SSH Key hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-15313 |
| 06/29/2020 | $0-$5k | $0-$5k | | MK-AUTH arp.php sql injection | Not Defined | | | 0.00 | CVE-2020-14069 |
| 06/29/2020 | $0-$5k | $0-$5k | | MK-AUTH Web Login executar_login.php improper authentication | Not Defined | | | 0.00 | CVE-2020-14068 |
| 06/29/2020 | $0-$5k | $0-$5k | | Reportexpress ProPlus Config File Remote Privilege Escalation | Not Defined | | | 0.00 | CVE-2019-19160 |
| 06/29/2020 | $0-$5k | $0-$5k | | Linux Kernel usbtest.c usbtest_disconnect release of resource | Not Defined | | | 0.06 | CVE-2020-15393 |
| 06/29/2020 | $0-$5k | $0-$5k | | Baxter PrismaFlex/PrisMax improper authentication | Not Defined | | | 0.00 | CVE-2020-12035 |
| 06/29/2020 | $0-$5k | $0-$5k | | Baxter Spectrum WBM FTP Service hard-coded password | Not Defined | | | 0.00 | CVE-2020-12047 |
| 06/29/2020 | $0-$5k | $0-$5k | | BIOTRONIK CardioMessenger II improper authentication | Not Defined | | | 0.00 | CVE-2019-18246 |
| 06/29/2020 | $0-$5k | $0-$5k | | Baxter Spectrum WBM Telnet Service hard-coded password | Not Defined | | | 0.06 | CVE-2020-12045 |
