Exploits 09/23/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 09/23/2020 | $0-$5k | $0-$5k | | Xen Timer Migration race condition | Not Defined | | | 0.00 | CVE-2020-25604 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen Event Channel smp_*mb memory corruption | Not Defined | | | 0.61 | CVE-2020-25603 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen Error denial of service | Not Defined | | | 0.06 | CVE-2020-25602 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen FIFO Event Channel evtchn_destroy denial of service | Not Defined | | | 0.55 | CVE-2020-25601 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen Event Channel denial of service | Not Defined | | | 0.37 | CVE-2020-25600 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen evtchn_reset memory corruption | Not Defined | | | 0.95 | CVE-2020-25599 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen RCU denial of service | Not Defined | | | 0.08 | CVE-2020-25598 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen denial of service | Not Defined | | | 0.84 | CVE-2020-25597 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen SYSENTER memory corruption | Not Defined | | | 0.18 | CVE-2020-25596 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Xen PCI Passthrough privilege escalation | Not Defined | | | 0.61 | CVE-2020-25595 |
| 09/23/2020 | $0-$5k | $0-$5k | | IgniteNet HeliOS GLinq cross site request forgery | Not Defined | | | 0.75 | CVE-2020-5783 |
| 09/23/2020 | $0-$5k | $0-$5k | | IgniteNet HeliOS GLinq denial of service | Not Defined | | | 0.00 | CVE-2020-5782 |
| 09/23/2020 | $0-$5k | $0-$5k | | IgniteNet HeliOS GLinq Luci Configuration luci authenticator.htmlauth denial of service | Not Defined | | | 0.88 | CVE-2020-5781 |
| 09/23/2020 | $5k-$25k | $0-$5k | | IBM Security Secret Server SSL Certificate Validator weak authentication | Not Defined | | | 0.06 | CVE-2020-4340 |
| 09/23/2020 | $5k-$25k | $5k-$25k | | IBM Security Secret Server privilege escalation | Not Defined | | | 0.05 | CVE-2020-4324 |
| 09/23/2020 | $0-$5k | $0-$5k | | gon Gem XSS Protection Mechanism json_dumper.rb cross site scripting | Not Defined | | | 0.11 | CVE-2020-25739 |
| 09/23/2020 | $0-$5k | $0-$5k | | YGOPro ygocore memory corruption | Not Defined | | | 0.63 | CVE-2020-24213 |
| 09/23/2020 | $0-$5k | $0-$5k | | Liquibase Runner Plugin Permission Check privilege escalation | Not Defined | | | 0.06 | CVE-2020-2285 |
| 09/23/2020 | $0-$5k | $0-$5k | | Liquibase Runner Plugin XML Parser XML External Entity | Not Defined | | | 0.50 | CVE-2020-2284 |
| 09/23/2020 | $0-$5k | $0-$5k | | Liquibase Runner Plugin Changeset Content Stored cross site scripting | Not Defined | | | 0.24 | CVE-2020-2283 |
| 09/23/2020 | $0-$5k | $0-$5k | | Implied Labels Plugin Permission Check privilege escalation | Not Defined | | | 0.69 | CVE-2020-2282 |
| 09/23/2020 | $0-$5k | $0-$5k | | Lockable Resources Plugin cross site request forgery | Not Defined | | | 0.81 | CVE-2020-2281 |
| 09/23/2020 | $0-$5k | $0-$5k | | Warnings Plugin cross site request forgery | Not Defined | | | 0.71 | CVE-2020-2280 |
| 09/23/2020 | $0-$5k | $0-$5k | | Script Security Plugin Sandbox privilege escalation | Not Defined | | | 0.05 | CVE-2020-2279 |
| 09/23/2020 | $0-$5k | $0-$5k | | GE Digital APM Classic Hash weak encryption | Not Defined | | | 0.69 | CVE-2020-16244 |
| 09/23/2020 | $0-$5k | $0-$5k | | GE Digital APM Classic JSON privilege escalation | Not Defined | | | 0.87 | CVE-2020-16240 |
| 09/23/2020 | $0-$5k | $0-$5k | | GLPI weak encryption | Not Defined | | | 0.14 | CVE-2020-11031 |
| 09/23/2020 | $0-$5k | $0-$5k | | Aruba CX Switch Cisco Discovery Protocol denial of service | Not Defined | | | 0.00 | CVE-2020-7122 |
| 09/23/2020 | $0-$5k | $0-$5k | | Aruba CX Switch Link Layer Discovery Protocol denial of service | Not Defined | | | 0.06 | CVE-2020-7121 |
| 09/23/2020 | $5k-$25k | $5k-$25k | | HPE Pay Per Use Utility Computing Service Meter doPost privilege escalation | Not Defined | | | 0.12 | CVE-2020-24626 |
| 09/23/2020 | $5k-$25k | $0-$5k | | HPE Pay Per Use Utility Computing Service Meter doGet directory traversal | Not Defined | | | 0.06 | CVE-2020-24625 |
| 09/23/2020 | $5k-$25k | $5k-$25k | | HPE Pay Per Use Utility Computing Service Meter execute directory traversal | Not Defined | | | 0.00 | CVE-2020-24624 |
| 09/23/2020 | $0-$5k | $0-$5k | | podman Varlink API/REST API information disclosure | Not Defined | | | 0.06 | CVE-2020-14370 |
| 09/23/2020 | $0-$5k | $0-$5k | | ansible-engine dnf Module weak authentication | Not Defined | | | 0.58 | CVE-2020-14365 |
| 09/23/2020 | $0-$5k | $0-$5k | | Wildfly Elytron Form Authentication weak authentication | Not Defined | | | 0.00 | CVE-2020-10714 |
| 09/23/2020 | $0-$5k | $0-$5k | | Undertow HTTP privilege escalation | Not Defined | | | 0.08 | CVE-2020-10687 |
| 09/23/2020 | $0-$5k | $0-$5k | | PingID integration CefSharp.BrowserSubprocess.exe privilege escalation | Not Defined | | | 0.07 | CVE-2020-25826 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco IOS XR DVMRP denial of service | Not Defined | | | 0.06 | CVE-2020-3569 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco TelePresence Collaboration Endpoint Video Endpoint API directory traversal | Not Defined | | | 0.00 | CVE-2020-3143 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco Unified Communications Manager Web-based Management Interface cross site request forgery | Not Defined | | | 0.00 | CVE-2020-3135 |
| 09/23/2020 | $25k-$100k | $5k-$25k | | Cisco Cisco Email Security Appliance Content Filter privilege escalation | Not Defined | | | 0.06 | CVE-2020-3133 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco Unity Connection Web Management Interface directory traversal | Not Defined | | | 0.06 | CVE-2020-3130 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco Hosted Collaboration Mediation Fulfillment Web-based Interface cross site request forgery | Not Defined | | | 0.04 | CVE-2020-3124 |
| 09/23/2020 | $25k-$100k | $5k-$25k | | Cisco Web Security Appliance API Framework Header Injection privilege escalation | Not Defined | | | 0.09 | CVE-2020-3117 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco WebEx UCF File privilege escalation | Not Defined | | | 0.04 | CVE-2020-3116 |
| 09/23/2020 | $0-$5k | $0-$5k | | peg-markdown markdown_lib.c process_raw_blocks denial of service | Not Defined | | | 0.06 | CVE-2020-25821 |
| 09/23/2020 | $5k-$25k | $5k-$25k | | Cisco Email Security Appliance Advanced Malware Protection privilege escalation | Not Defined | | | 0.25 | CVE-2019-1983 |
| 09/23/2020 | $5k-$25k | $5k-$25k | | Cisco Email Security Appliance Email Message Filter privilege escalation | Not Defined | | | 0.05 | CVE-2019-1947 |
| 09/23/2020 | $5k-$25k | $0-$5k | | Cisco Unified Contact Center Express Administration Web Interface privilege escalation | Not Defined | | | 0.05 | CVE-2019-1888 |
| 09/23/2020 | $0-$5k | $0-$5k | | Cisco UCS C-Series Rack Servers Signature Validation weak authentication | Not Defined | | | 0.00 | CVE-2019-1736 |
