Exploits 11/17/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 11/17/2020 | $5k-$25k | $5k-$25k | | Cisco Security Manager Serialized Java Object deserialization | Not Defined | | | 0.07 | CVE-2020-27131 |
| 11/17/2020 | $5k-$25k | $0-$5k | | Cisco Security Manager input validation | Not Defined | | | 0.00 | CVE-2020-27125 |
| 11/17/2020 | $5k-$25k | $0-$5k | | Cisco Security Manager pathname traversal | Not Defined | | | 0.04 | CVE-2020-27130 |
| 11/17/2020 | $5k-$25k | $0-$5k | | Linux Kernel ICMP Packet random values | Not Defined | | | 0.06 | CVE-2020-25705 |
| 11/17/2020 | $0-$5k | $0-$5k | | BASETech GE-131 BT-1837836 Remote Code Execution | Not Defined | | | 0.07 | CVE-2020-27556 |
| 11/17/2020 | $0-$5k | $0-$5k | | GARMIN Forerunner 235 ConnectIQ TVM array index | Not Defined | | | 0.06 | CVE-2020-27483 |
| 11/17/2020 | $0-$5k | $0-$5k | | Micro Focus Arcsight Logger Remote Privilege Escalation | Not Defined | | | 0.08 | CVE-2020-11851 |
| 11/17/2020 | $0-$5k | $0-$5k | | PrestaShop Shopping Cart access control | Not Defined | | | 0.00 | CVE-2020-26224 |
| 11/17/2020 | $0-$5k | $0-$5k | | HorizontCMS Theme <php_file_name> unrestricted upload | Not Defined | | | 0.06 | CVE-2020-28693 |
| 11/17/2020 | $0-$5k | $0-$5k | | Artworks Gallery in PHP, CSS, JavaScript, and MySQL unrestricted upload | Not Defined | | | 0.07 | CVE-2020-28687 |
| 11/17/2020 | $0-$5k | $0-$5k | | Artworks Gallery in PHP, CSS, JavaScript, and MySQL Artwork unrestricted upload | Not Defined | | | 0.06 | CVE-2020-28688 |
| 11/17/2020 | $0-$5k | $0-$5k | | KeyCloak unnecessary privileges | Not Defined | | | 0.07 | CVE-2020-14389 |
| 11/17/2020 | $0-$5k | $0-$5k | | BASETech GE-131 BT-1837836 Telnet Server hard-coded credentials | Not Defined | | | 0.06 | CVE-2020-27555 |
| 11/17/2020 | $0-$5k | $0-$5k | | GARMIN Forerunner 235 ConnectIQ TVM write integer overflow | Not Defined | | | 0.04 | CVE-2020-27484 |
| 11/17/2020 | $0-$5k | $0-$5k | | GARMIN Forerunner 235 ConnectIQ TVM buffer overflow | Not Defined | | | 0.00 | CVE-2020-27486 |
| 11/17/2020 | $0-$5k | $0-$5k | | GARMIN Forerunner 235 ConnectIQ TVM use after free | Not Defined | | | 0.00 | CVE-2020-27485 |
| 11/17/2020 | $0-$5k | $0-$5k | | Xstream Security Framework os command injection | Not Defined | | | 0.00 | CVE-2020-26217 |
| 11/17/2020 | $0-$5k | $0-$5k | | fastadmin-tp6 Ajax.php sql injection | Not Defined | | | 0.06 | CVE-2020-21665 |
| 11/17/2020 | $0-$5k | $0-$5k | | Tobesoft XPlatform hta File input validation | Not Defined | | | 0.05 | CVE-2020-7841 |
| 11/17/2020 | $0-$5k | $0-$5k | | y18n code injection | Not Defined | | | 0.06 | CVE-2020-7774 |
| 11/17/2020 | $0-$5k | $0-$5k | | BASETech GE-131 BT-1837836 pathname traversal | Not Defined | | | 0.06 | CVE-2020-27553 |
| 11/17/2020 | $0-$5k | $0-$5k | | Airleader Master Tomcat Manager hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-26510 |
| 11/17/2020 | $0-$5k | $0-$5k | | BASETech GE-131 BT-1837836 Video Stream information disclosure | Not Defined | | | 0.00 | CVE-2020-27558 |
| 11/17/2020 | $0-$5k | $0-$5k | | GitLab Enterprise Edition Private Project information disclosure | Not Defined | | | 0.00 | CVE-2020-26406 |
| 11/17/2020 | $0-$5k | $0-$5k | | GitLab Community Edition/Enterprise Edition Project EE information disclosure | Not Defined | | | 0.06 | CVE-2020-13352 |
| 11/17/2020 | $0-$5k | $0-$5k | | Airleader Master/Easy hard-coded credentials | Not Defined | | | 0.00 | CVE-2020-26509 |
| 11/17/2020 | $0-$5k | $0-$5k | | BinaryNights ForkLift injection | Not Defined | | | 0.00 | CVE-2020-27192 |
| 11/17/2020 | $0-$5k | $0-$5k | | BinaryNights ForkLift Helper Tool access control | Not Defined | | | 0.08 | CVE-2020-15349 |
| 11/17/2020 | $0-$5k | $0-$5k | | BASETech GE-131 BT-1837836 missing encryption | Not Defined | | | 0.06 | CVE-2020-27554 |
| 11/17/2020 | $0-$5k | $0-$5k | | GitLab Community Edition/Enterprise Edition Kubernetes Agent API access control | Not Defined | | | 0.00 | CVE-2020-13358 |
| 11/17/2020 | $0-$5k | $0-$5k | | Micro Focus Filr Scripting cross site scripting | Not Defined | | | 0.05 | CVE-2020-25832 |
| 11/17/2020 | $0-$5k | $0-$5k | | Micro Focus Arcsight Logger cross site scripting | Not Defined | | | 0.00 | CVE-2020-25834 |
| 11/17/2020 | $0-$5k | $0-$5k | | LimeSurvey cross site scripting | Not Defined | | | 0.05 | CVE-2020-25798 |
| 11/17/2020 | $0-$5k | $0-$5k | | Micro Focus IDOL cross site scripting | Not Defined | | | 0.07 | CVE-2020-25833 |
| 11/17/2020 | $0-$5k | $0-$5k | | PrestaShop Product Comments Link cross site scripting | Not Defined | | | 0.05 | CVE-2020-26225 |
| 11/17/2020 | $0-$5k | $0-$5k | | Keycloak cross site scripting | Not Defined | | | 0.06 | CVE-2020-10776 |
| 11/17/2020 | $0-$5k | $0-$5k | | Progress MOVEit Transfer cross site scripting | Not Defined | | | 0.07 | CVE-2020-28647 |
| 11/17/2020 | $0-$5k | $0-$5k | | Micro Focus Arcsight Logger cross site scripting | Not Defined | | | 0.00 | CVE-2020-11860 |
| 11/17/2020 | $0-$5k | $0-$5k | | Canon Oce ColorWave 3500 WebTools information disclosure | Not Defined | | | 0.00 | CVE-2020-26508 |
| 11/17/2020 | $0-$5k | $0-$5k | | GitLab Community Edition/Enterprise Edition Container Registry resource consumption | Not Defined | | | 0.07 | CVE-2020-13354 |
| 11/17/2020 | $0-$5k | $0-$5k | | BASETech GE-131 BT-1837836 Video Stream information disclosure | Not Defined | | | 0.06 | CVE-2020-27557 |
| 11/17/2020 | $0-$5k | $0-$5k | | Gitaly Import information disclosure | Not Defined | | | 0.04 | CVE-2020-13353 |
| 11/17/2020 | $0-$5k | $0-$5k | | ResourceXpress Qubi3 Debug Interface information disclosure | Not Defined | | | 0.05 | CVE-2020-25746 |
