Exploits 11/24/2020

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation and exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 11/24/2020 | $5k-$25k | $5k-$25k | | VMware Workspace One Access command injection | Not Defined | | | 1.37 | CVE-2020-4006 |
| 11/24/2020 | $5k-$25k | $0-$5k | | TYPO3 RSS Widget xml external entity reference | Not Defined | | | 0.00 | CVE-2020-26229 |
| 11/24/2020 | $5k-$25k | $0-$5k | | Linux Kernel Error Field block_dev.c use after free | Not Defined | | | 0.06 | CVE-2020-15436 |
| 11/24/2020 | $5k-$25k | $0-$5k | | TYPO3 Session Identifier cleartext storage | Not Defined | | | 0.00 | CVE-2020-26228 |
| 11/24/2020 | $5k-$25k | $0-$5k | | TYPO3 Fluid cross site scripting | Not Defined | | | 0.00 | CVE-2020-26227 |
| 11/24/2020 | $0-$5k | $0-$5k | | Netgear GS108Ev3 cross-site request forgery | Not Defined | | | 0.07 | CVE-2020-5641 |
| 11/24/2020 | $0-$5k | $0-$5k | | PostgreSQL psql Interactive Terminal privileges management | Not Defined | | | 0.87 | CVE-2020-25696 |
| 11/24/2020 | $0-$5k | $0-$5k | | Gitea repo_form.go encoding error | Not Defined | | | 0.00 | CVE-2020-28991 |
| 11/24/2020 | $0-$5k | $0-$5k | | Ortus TestBox Query String HTMLRunner.cfm Remote Privilege Escalation | Proof-of-Concept | | Link | 1.30 | CVE-2020-15929 |
| 11/24/2020 | $0-$5k | $0-$5k | | October CMS authorization | Not Defined | | | 0.07 | CVE-2020-15246 |
| 11/24/2020 | $0-$5k | $0-$5k | | Seiko Epson Product untrusted search path | Not Defined | | | 0.00 | CVE-2020-5674 |
| 11/24/2020 | $0-$5k | $0-$5k | | private-ip IP Range Filter server-side request forgery | Not Defined | | | 0.00 | CVE-2020-28360 |
| 11/24/2020 | $0-$5k | $0-$5k | | SPIP configurer_preferences.php unknown vulnerability | Not Defined | | | 0.00 | CVE-2020-28984 |
| 11/24/2020 | $0-$5k | $0-$5k | | Jingyun Antivirus Driver hookbody.sys denial of service | Proof-of-Concept | | Link | 0.07 | CVE-2018-16719 |
| 11/24/2020 | $0-$5k | $0-$5k | | Jingyun Antivirus Driver ZySandbox.sys denial of service | Proof-of-Concept | | Link | 0.07 | CVE-2018-16720 |
| 11/24/2020 | $0-$5k | $0-$5k | | Jingyun Antivirus Driver ZySandbox.sys denial of service | Proof-of-Concept | | Link | 0.72 | CVE-2018-16721 |
| 11/24/2020 | $0-$5k | $0-$5k | | Jingyun Antivirus Driver ZySandbox.sys denial of service | Proof-of-Concept | | Link | 1.08 | CVE-2018-16722 |
| 11/24/2020 | $0-$5k | $0-$5k | | Jingyun Antivirus Driver ZySandbox.sys denial of service | Proof-of-Concept | | Link | 0.65 | CVE-2018-16723 |
| 11/24/2020 | $0-$5k | $0-$5k | | Playground Sessions UserProfiles.sol credentials storage | Not Defined | | | 0.00 | CVE-2020-24227 |
| 11/24/2020 | $0-$5k | $0-$5k | | October CMS Twig Sandbox authorization | Not Defined | | | 0.07 | CVE-2020-15247 |
| 11/24/2020 | $0-$5k | $0-$5k | | October CMS New User authorization | Not Defined | | | 0.07 | CVE-2020-15248 |
| 11/24/2020 | $0-$5k | $0-$5k | | October CMS Twig Sandbox authorization | Not Defined | | | 0.06 | CVE-2020-26231 |
| 11/24/2020 | $0-$5k | $0-$5k | | Linux Kernel 8250_core.c serial8250_isa_init_ports null pointer dereference | Not Defined | | | 0.18 | CVE-2020-15437 |
| 11/24/2020 | $0-$5k | $0-$5k | | Hashicorp Nomad/Nomad Enterprise Docker File Sandbox sandbox | Not Defined | | | 0.18 | CVE-2020-28348 |
| 11/24/2020 | $0-$5k | $0-$5k | | Cephx improper authentication | Not Defined | | | 0.19 | CVE-2020-25660 |
| 11/24/2020 | $0-$5k | $0-$5k | | Ortus TestBox Query String index.cfm pathname traversal | Proof-of-Concept | | Link | 0.87 | CVE-2020-15928 |
| 11/24/2020 | $0-$5k | $0-$5k | | MongoDB Ops Manager API Key information disclosure | Not Defined | | | 0.24 | CVE-2020-7927 |
| 11/24/2020 | $0-$5k | $0-$5k | | rhacm Internal API hard-coded key | Not Defined | | | 0.51 | CVE-2020-25688 |
| 11/24/2020 | $0-$5k | $0-$5k | | Magicpin User Registration cross site scripting | Not Defined | | | 0.00 | CVE-2020-28927 |
| 11/24/2020 | $0-$5k | $0-$5k | | Mutt/NeoMutt IMAP Server Response cleartext transmission | Not Defined | | | 0.06 | CVE-2020-28896 |
| 11/24/2020 | $0-$5k | $0-$5k | | MongoDB Message Decompressor denial of service | Not Defined | | | 0.06 | CVE-2019-20925 |
| 11/24/2020 | $0-$5k | $0-$5k | | WinSCP FTP Server denial of service | Not Defined | | | 0.07 | CVE-2020-28864 |
| 11/24/2020 | $0-$5k | $0-$5k | | CologneBlue Skin qbfind Message CologneBlueTemplate.php cross site scripting | Not Defined | | | 0.24 | CVE-2020-29002 |
| 11/24/2020 | $0-$5k | $0-$5k | | PollNY Extension Answer Option cross site scripting | Not Defined | | | 0.00 | CVE-2020-29003 |
| 11/24/2020 | $0-$5k | $0-$5k | | October CMS Upload File evil.svg cross site scripting | Not Defined | | | 0.06 | CVE-2020-15249 |
| 11/24/2020 | $0-$5k | $0-$5k | | Scratch Regular Expression cross site scripting | Not Defined | | | 0.42 | CVE-2020-26239 |
| 11/24/2020 | $0-$5k | $0-$5k | | Matrix Synap JSON denial of service | Not Defined | | | 0.24 | CVE-2020-26890 |
