Recent July 2020

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. The assignment of these categories illustrates which software types are most affected.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape, or the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into an aggregate that gives the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 07/31/2020 | 5.4 | 5.1 | Huawei P30 input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9249 |
| 07/31/2020 | 5.4 | 5.4 | Huawei FusionComput Authorization authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-9248 |
| 07/31/2020 | 6.8 | 6.5 | Inductive Automation Ignition authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-14520 |
| 07/31/2020 | 5.5 | 5.5 | Ansible Tower API User information exposure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-14337 |
| 07/31/2020 | 6.3 | 6.3 | Red Hat Satellite Cache File access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-14334 |
| 07/31/2020 | 8.6 | 8.6 | Red Hat OpenStack Platform Virtual Machine nova_libvirt access control | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-10731 |
| 07/31/2020 | 8.5 | 8.2 | Qualcomm PLC Firmware HPAV2 cryptographic issues | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.10 | CVE-2020-3681 |
| 07/31/2020 | 6.3 | 6.0 | Cisco Data Center Network Manager Web-based Management Interface sql injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-3462 |
| 07/31/2020 | 5.3 | 5.1 | Cisco Data Center Network Manager Web-based Management Interface missing authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-3461 |
| 07/31/2020 | 5.0 | 4.8 | Cisco Data Center Network Manager Web-based Management Interface cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.90 | CVE-2020-3460 |
| 07/31/2020 | 7.5 | 7.2 | Cisco Data Center Network Manager REST API Endpoint improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.19 | CVE-2020-3386 |
| 07/31/2020 | 7.2 | 6.9 | Cisco Data Center Network Manager REST API Endpoint incomplete blacklist | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3384 |
| 07/31/2020 | 7.5 | 7.2 | Cisco Data Center Network Manager Archive Utility input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.88 | CVE-2020-3383 |
| 07/31/2020 | 8.5 | 8.2 | Cisco Data Center Network Manager REST API hard-coded credentials | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3382 |
| 07/31/2020 | 6.3 | 6.0 | Cisco Data Center Network Manager Device Manager Application os command injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3377 |
| 07/31/2020 | 7.3 | 7.0 | Cisco Data Center Network Manager Device Manager Application missing authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-3376 |
| 07/31/2020 | 8.5 | 8.2 | Cisco SD-WAN Solution memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2020-3375 |
| 07/31/2020 | 8.1 | 7.7 | Cisco SD-WAN vManage Web-based Management Interface improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3374 |
| 07/31/2020 | 6.5 | 6.5 | DaviewIndy Daview.exe heap-based buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-7829 |
| 07/31/2020 | 6.5 | 6.5 | DaviewIndy Daview.exe heap-based buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.80 | CVE-2020-7828 |
| 07/31/2020 | 6.5 | 6.5 | DaviewIndy Daview.exe use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2020-7827 |
| 07/31/2020 | 6.7 | 6.7 | HPE Intelligent Provisioning grub2 code injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.14 | CVE-2020-7205 |
| 07/31/2020 | 5.6 | 5.4 | Linux Kernel RNG random.c information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-16166 |
| 07/31/2020 | 8.5 | 8.5 | SpringBlade DAO/DTO list sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-16165 |
| 07/31/2020 | 6.5 | 6.5 | RIPE NCC RPKI Validator Access Restriction certificate validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-16164 |
| 07/31/2020 | 8.2 | 7.8 | RIPE NCC RPKI Validator RRDP Fetch certificate validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-16163 |
| 07/31/2020 | 6.5 | 6.5 | RIPE NCC RPKI Validator CRL certificate validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2020-16162 |
| 07/31/2020 | 4.4 | 4.3 | Nagios Log Server Notification Methods Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-16157 |
| 07/31/2020 | 6.4 | 6.1 | DP3T-Backend-SDK JWT DP3T signature verification | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-15957 |
| 07/31/2020 | 6.3 | 6.1 | Hashicorp Terraform Enterprise Signup Page input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2020-15511 |
| 07/31/2020 | 6.4 | 5.6 | slp-validate NFT1 Child Genesis Transaction comparison | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-15131 |
| 07/31/2020 | 6.4 | 5.6 | slpjs Package NFT1 Child Genesis Transaction comparison | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.94 | CVE-2020-15130 |
| 07/31/2020 | 4.7 | 4.2 | Traefik API Dashboard redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-15129 |
| 07/31/2020 | 7.8 | 7.8 | Pi-Hole sudo privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2020-14162 |
| 07/31/2020 | 7.3 | 7.3 | ABUS Secvest FUMO50110 RF improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-14158 |
| 07/31/2020 | 6.5 | 6.5 | Pi-Hole dns-servers.conf privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-12620 |
| 07/31/2020 | 4.4 | 4.3 | Pulse Connect Secure Citrix ICA URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-8217 |
| 07/30/2020 | 7.1 | 6.8 | Pulse Connect Secure Administrator Web Interface path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8222 |
| 07/30/2020 | 5.6 | 5.4 | Pulse Connect Secure Administrator Web Interface path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8221 |
| 07/30/2020 | 6.4 | 6.1 | Pulse Connect Secure resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8220 |
| 07/30/2020 | 5.9 | 5.7 | Pulse Connect Secure Permission Check Password insufficient permissions or privileges | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-8219 |
| 07/30/2020 | 5.9 | 5.7 | Pulse Connect Secure Admin Web Interface code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-8218 |
| 07/30/2020 | 4.3 | 4.1 | Pulse Connect Secure Meeting Detail information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8216 |
| 07/30/2020 | 5.3 | 5.3 | UniFi Protect Web Application information exposure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-8213 |
| 07/30/2020 | 8.5 | 8.2 | Pulse Connect Secure Google TOTP improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8206 |
| 07/30/2020 | 5.2 | 4.9 | Pulse Connect Secure PSAL Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8204 |
| 07/30/2020 | 5.3 | 5.3 | NextCloud Preferred Providers App excessive authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-8202 |
| 07/30/2020 | 5.4 | 5.4 | Fastify resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-8192 |
| 07/30/2020 | 5.3 | 5.3 | IBM Security Guardium Login Page information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.45 | CVE-2020-4186 |
| 07/30/2020 | 4.8 | 4.8 | IBM Security Guardium missing encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.83 | CVE-2020-4185 |
