Exploits 08/27/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 08/27/2020 | $25k-$100k | $5k-$25k | | Cisco NX-OS Data Management Engine out-of-bounds write | Not Defined | | | 0.02 | CVE-2020-3415 |
| 08/27/2020 | $25k-$100k | $5k-$25k | | Cisco NX-OS Call Home input validation | Not Defined | | | 0.02 | CVE-2020-3454 |
| 08/27/2020 | $25k-$100k | $5k-$25k | | Cisco NX-OS Border Gateway Protocol input validation | Not Defined | | | 0.07 | CVE-2020-3398 |
| 08/27/2020 | $25k-$100k | $5k-$25k | | Cisco NX-OS Border Gateway Protocol input validation | Not Defined | | | 0.02 | CVE-2020-3397 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | Dell EMC Isilon OneFS/EMC PowerScale OneFS Likewise memory corruption | Not Defined | | | 0.01 | CVE-2020-5383 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights privileges management | Not Defined | | | 0.03 | CVE-2020-4603 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | Trend Micro Micro Deep Security/Vulnerability Protection Management Console permission assignment | Not Defined | | | 0.02 | CVE-2020-8602 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | Oracle NetSuite SuiteCommerce Advanced privileges management | Not Defined | | | 0.04 | CVE-2020-14728 |
| 08/27/2020 | $5k-$25k | $0-$5k | | Cisco Nexus 3000/Nexus 9000 Enable Secret improper authorization | Not Defined | | | 0.04 | CVE-2020-3394 |
| 08/27/2020 | $5k-$25k | $0-$5k | | Oracle NetSuite SuiteCommerce Advanced privileges management | Not Defined | | | 0.04 | CVE-2020-14729 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM WebSphere Application Server ND High Availability Deployment Manager cross site scripting | Not Defined | | | 0.03 | CVE-2020-4575 |
| 08/27/2020 | $5k-$25k | $0-$5k | | Cisco FXOS/NX-OS Fabric Services null pointer dereference | Not Defined | | | 0.03 | CVE-2020-3517 |
| 08/27/2020 | $5k-$25k | $0-$5k | | Cisco NX-OS Protocol Independent Multicast denial of service | Not Defined | | | 0.05 | CVE-2020-3338 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | Trend Micro Deep Security LDAP Authentication improper authentication | Not Defined | | | 0.03 | CVE-2020-15601 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | Trend Micro Vulnerability Protection LDAP Authentication improper authentication | Not Defined | | | 0.00 | CVE-2020-15605 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights improper authentication | Not Defined | | | 0.04 | CVE-2020-4167 |
| 08/27/2020 | $5k-$25k | $0-$5k | | QEMU ossaudio.c oss_write divide by zero | Not Defined | | | 0.05 | CVE-2020-14415 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Security Control information disclosure | Not Defined | | | 0.02 | CVE-2018-1501 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights Error Message information disclosure | Not Defined | | | 0.02 | CVE-2020-4166 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights information disclosure | Not Defined | | | 0.02 | CVE-2020-4172 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights HSTS information disclosure | Not Defined | | | 0.00 | CVE-2020-4175 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights Web Page information disclosure | Not Defined | | | 0.03 | CVE-2020-4171 |
| 08/27/2020 | $5k-$25k | $5k-$25k | | IBM Security Guardium Insights risky encryption | Not Defined | | | 0.04 | CVE-2020-4169 |
| 08/27/2020 | $5k-$25k | $0-$5k | | IBM Security Guardium Insights missing encryption | Not Defined | | | 0.04 | CVE-2020-4174 |
| 08/27/2020 | $0-$5k | $0-$5k | | Red Lion N-Tron 702-W/N-Tron 702M12-W backdoor | Not Defined | | | 0.08 | CVE-2020-16204 |
| 08/27/2020 | $0-$5k | $0-$5k | | Red Lion N-Tron 702-W/N-Tron 702M12-W code injection | Not Defined | | | 0.03 | CVE-2017-16544 |
| 08/27/2020 | $0-$5k | $0-$5k | | OpenZFS User Permission default permission | Not Defined | | | 0.05 | CVE-2020-24717 |
| 08/27/2020 | $0-$5k | $0-$5k | | Projects World House Rental File Upload unrestricted upload | Not Defined | | | 0.04 | CVE-2020-24202 |
| 08/27/2020 | $0-$5k | $0-$5k | | GMapFP File Upload unrestricted upload | Not Defined | | | 0.07 | CVE-2020-23972 |
| 08/27/2020 | $0-$5k | $0-$5k | | Projects World Travel Management System Pic Upload updatesubcategory.php unrestricted upload | Not Defined | | | 0.06 | CVE-2020-24203 |
| 08/27/2020 | $0-$5k | $0-$5k | | Online Bike Rental Vehicle Image Upload unrestricted upload | Not Defined | | | 0.04 | CVE-2020-24196 |
| 08/27/2020 | $0-$5k | $0-$5k | | GitHub Enterprise Server Pages Site command injection | Not Defined | | | 0.05 | CVE-2020-10518 |
| 08/27/2020 | $0-$5k | $0-$5k | | Soluzione Globale Ecommerce CMS offerta.php sql injection | Not Defined | | | 0.05 | CVE-2020-23978 |
| 08/27/2020 | $0-$5k | $0-$5k | | KandNconcepts Club CMS team.php sql injection | Not Defined | | | 0.00 | CVE-2020-23973 |
| 08/27/2020 | $0-$5k | $0-$5k | | Webexcels Ecommerce CMS content.php sql injection | Not Defined | | | 0.04 | CVE-2020-23976 |
| 08/27/2020 | $0-$5k | $0-$5k | | 13enforme CMS content.php sql injection | Not Defined | | | 0.04 | CVE-2020-23979 |
| 08/27/2020 | $0-$5k | $0-$5k | | DesignMasterEvents Conference Management Administrator Login Page sql injection | Not Defined | | | 0.02 | CVE-2020-23980 |
| 08/27/2020 | $0-$5k | $0-$5k | | Thomson Reuters Eikon E1 IOT Orchestrator Security default permission | Not Defined | | | 0.02 | CVE-2019-10679 |
| 08/27/2020 | $0-$5k | $0-$5k | | Cisco UCS Manager CLI resource control | Not Defined | | | 0.03 | CVE-2020-3504 |
| 08/27/2020 | $0-$5k | $0-$5k | | WSO2 API Manager Carbon Management Console Session Hijacking improper authentication | Not Defined | | | 0.05 | CVE-2020-24703 |
