Recent 08/28/2020

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 01:28 PM | 5.7 | 5.7 | XooNIps cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-5625 |
| 01:28 PM | 8.5 | 8.5 | XooNIps sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-5624 |
| 01:28 PM | 6.7 | 6.7 | NITORI App redirect | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-5623 |
| 01:27 PM | 4.8 | 4.8 | Netgear GS716Tv2/GS724Tv3 cross-site request forgery | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-5621 |
| 08:53 AM | 6.7 | 6.7 | Trend Micro Micro Deep Security/Vulnerability Protection Management Console permission assignment | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-8602 |
| 08:52 AM | 6.3 | 6.3 | Dell EMC Isilon OneFS/EMC PowerScale OneFS Likewise memory corruption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-5383 |
| 08:52 AM | 6.9 | 6.9 | IBM Security Guardium Insights privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-4603 |
| 08:52 AM | 5.4 | 5.4 | IBM WebSphere Application Server ND High Availability Deployment Manager cross site scripting | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-4575 |
| 08:51 AM | 4.8 | 4.8 | IBM Security Guardium Insights HSTS information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-4175 |
| 08:51 AM | 4.8 | 4.8 | IBM Security Guardium Insights missing encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-4174 |
| 08:51 AM | 3.7 | 3.7 | IBM Security Guardium Insights information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2020-4172 |
| 08:50 AM | 4.3 | 4.3 | IBM Security Guardium Insights Web Page information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4171 |
| 08:50 AM | 6.4 | 6.4 | IBM Security Guardium Insights risky encryption | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4169 |
| 08:50 AM | 6.9 | 6.9 | IBM Security Guardium Insights improper authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-4167 |
| 08:50 AM | 5.3 | 5.3 | IBM Security Guardium Insights Error Message information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4166 |
| 08:49 AM | 7.2 | 6.9 | Cisco FXOS/NX-OS Fabric Services null pointer dereference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-3517 |
| 08:49 AM | 3.3 | 3.2 | Cisco UCS Manager CLI resource control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3504 |
| 08:49 AM | 8.0 | 7.7 | Cisco NX-OS Call Home input validation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-3454 |
| 08:48 AM | 8.8 | 8.4 | Cisco NX-OS Data Management Engine out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-3415 |
| 08:48 AM | 6.9 | 6.6 | Cisco NX-OS Border Gateway Protocol input validation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-3398 |
| 08:47 AM | 6.9 | 6.6 | Cisco NX-OS Border Gateway Protocol input validation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-3397 |
| 08:47 AM | 7.8 | 7.5 | Cisco Nexus 3000/Nexus 9000 Enable Secret improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-3394 |
| 08:41 AM | 6.4 | 6.1 | Cisco NX-OS Protocol Independent Multicast denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-3338 |
| 08:41 AM | 6.5 | 6.3 | OpenZFS User Permission default permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-24717 |
| 08:41 AM | 6.5 | 6.3 | OpenZFS Permission permission assignment | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-24716 |
| 08:41 AM | 8.5 | 8.2 | Scalyr Agent SSL Certificate Validator certificate validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-24715 |
| 08:40 AM | 8.5 | 8.2 | Scalyr Agent SSL Certificate Validator certificate validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-24714 |
| 08:38 AM | 5.4 | 5.4 | WSO2 API Manager Try It Tool Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-24706 |
| 08:37 AM | 7.5 | 7.5 | WSO2 API Manager Carbon Management Console Session Hijacking improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-24705 |
| 08:36 AM | 5.4 | 5.4 | WSO2 API Manager Try It Tool Reflected cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-24704 |
| 08:35 AM | 7.5 | 7.5 | WSO2 API Manager Carbon Management Console Session Hijacking improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-24703 |
| 08:34 AM | 5.4 | 5.1 | JetBrains YouTrack authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-24618 |
| 08:23 AM | 5.2 | 4.6 | EyesOfNetwork eonweb admin_logs Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-24390 |
| 08:23 AM | 8.5 | 8.5 | Projects World Travel Management System Pic Upload updatesubcategory.php unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-24203 |
| 08:22 AM | 8.5 | 8.5 | Projects World House Rental File Upload unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-24202 |
| 08:21 AM | 6.7 | 6.7 | Online Bike Rental Vehicle Image Upload unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-24196 |
| 08:21 AM | 4.4 | 4.4 | Online Hotel Booking System Pro PHP Registration Form Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2020-23984 |
| 08:10 AM | 4.4 | 4.4 | Michael-Design iChat Realtime PHP Live Support System Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-23983 |
| 08:10 AM | 5.2 | 5.2 | DesignMasterEvents Conference Management certificate.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-23982 |
| 08:10 AM | 5.2 | 5.2 | 13enforme CMS content.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-23981 |
| 07:45 AM | 8.5 | 8.5 | DesignMasterEvents Conference Management Administrator Login Page sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-23980 |
| 07:44 AM | 8.5 | 8.5 | 13enforme CMS content.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-23979 |
| 07:44 AM | 8.5 | 8.5 | Soluzione Globale Ecommerce CMS offerta.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-23978 |
| 07:44 AM | 5.2 | 5.2 | KandNconcepts Club CMS team.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-23977 |
| 07:44 AM | 8.5 | 8.5 | KandNconcepts Club CMS team.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-23973 |
| 07:44 AM | 8.5 | 8.5 | Webexcels Ecommerce CMS content.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.22 | CVE-2020-23976 |
| 07:43 AM | 5.2 | 5.2 | Webexcels Ecommerce CMS search.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.13 | CVE-2020-23975 |
| 07:43 AM | 4.4 | 4.4 | Create-Project Manager Online Chat/Social Feed/Message/Client Persistent cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.17 | CVE-2020-23974 |
| 07:42 AM | 7.4 | 7.4 | GMapFP File Upload unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-23972 |
| 07:41 AM | 4.4 | 4.4 | Laborator Neon Dashboard Chat Stored cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-23576 |
