Recent 10/17/2020

Timeline

The analysis of the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues are possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 11:56 AM | 5.5 | 5.3 | Linux Kernel 64-bit Value verifier.c scalar32_min_max_or memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-27194 |
| 11:55 AM | 6.8 | 6.8 | Overwolf access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25214 |
| 11:50 AM | 7.3 | 6.6 | Microsoft Visual Studio Code JSON Remote Code Execution | $5k-$25k | $5k-$25k | Proof-of-Concept | Official Fix | 0.08 | CVE-2020-17023 |
| 11:49 AM | 7.8 | 7.0 | Microsoft Windows Codecs Library memory corruption | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | CVE-2020-17022 |
| 11:38 AM | 6.5 | 6.2 | Juniper Junos Virtual Chassis resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-1689 |
| 11:36 AM | 3.8 | 3.7 | ClearPass Junos Web API key management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-1688 |
| 11:31 AM | 6.5 | 6.2 | Juniper Junos VXLAN resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1687 |
| 11:20 AM | 7.5 | 7.2 | Juniper Junos vmcore double free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-1686 |
| 11:19 AM | 4.7 | 4.5 | Juniper Junos Firewall Filter information exposure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1685 |
| 11:18 AM | 7.5 | 7.2 | Juniper Junos HTTP Traffic resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1684 |
| 11:15 AM | 7.5 | 7.2 | Juniper Junos vmcore memory leak | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-1683 |
| 11:14 AM | 5.5 | 5.3 | Juniper Junos srxpfe denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1682 |
| 11:13 AM | 6.5 | 6.2 | Juniper Junos NDP handling of exceptional conditions | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1681 |
| 11:10 AM | 5.5 | 5.5 | Juniper Junos NDP Packet handling of exceptional conditions | Calculating | $0-$5k | Not Defined | Not Defined | 0.00 | |
| 11:09 AM | 5.3 | 5.1 | Juniper Junos NAT64 format string | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1680 |
| 11:08 AM | 7.5 | 7.2 | Juniper Junos Packet Forwarding Engine denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1679 |
| 11:05 AM | 6.5 | 6.2 | Juniper Junos BGP Packet memory leak | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1678 |
| 11:05 AM | 7.2 | 6.9 | Juniper Mist Cloud UI SAML Response improper authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-1677 |
| 11:04 AM | 7.2 | 6.9 | Juniper Mist Cloud UI SAML Response improper authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1676 |
| 11:02 AM | 8.3 | 7.9 | Juniper Mist Cloud UI SAML improper authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1675 |
| 11:01 AM | 5.4 | 5.2 | Juniper Junos MACsec Packet protection mechanism failure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1674 |
| 11:00 AM | 4.3 | 4.1 | Juniper Junos J-Web cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1673 |
| 10:59 AM | 7.5 | 7.2 | Juniper Junos jdhcpd denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1672 |
| 10:58 AM | 7.5 | 7.2 | Juniper Junos JDHCPD out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1671 |
| 10:57 AM | 6.5 | 6.2 | Juniper Junos Routing Engine resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1670 |
| 10:54 AM | 4.3 | 4.1 | Juniper Junos Device Manager Container passwd credentials storage | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1669 |
| 10:52 AM | 7.5 | 7.2 | Juniper Junos Routing Engine resource consumption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-1668 |
| 10:51 AM | 8.3 | 7.9 | Juniper Junos Multiservices PIC Management Daemon race condition | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1667 |
| 10:50 AM | 4.1 | 3.9 | Juniper Junos System Console access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-1666 |
| 10:32 AM | 5.3 | 5.1 | Juniper Junos Packet Forwarding Engine denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1665 |
| 10:31 AM | 7.8 | 7.5 | Juniper Junos Daemon stack-based buffer overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1664 |
| 10:29 AM | 7.5 | 7.2 | Juniper Junos RPD denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1662 |
| 10:28 AM | 5.3 | 5.1 | Juniper Junos jdhcp denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1661 |
| 10:27 AM | 9.1 | 8.7 | Juniper Junos Multiservices PIC Management Daemon denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1660 |
| 10:26 AM | 7.5 | 7.2 | Juniper Junos key-management-daemon denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-1657 |
| 10:25 AM | 9.8 | 9.4 | Juniper Junos DHCPv6 Relay-Agent Service null pointer dereference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-1656 |
| 10:22 AM | 5.4 | 5.4 | EZCast Pro II Administration Panel information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-12305 |
| 09:39 AM | 6.9 | 6.9 | IBM Resilient OnPrem command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4636 |
| 09:37 AM | 5.6 | 5.6 | IBM Security Guardium Big Data Intelligence inadequate encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-4254 |
| 09:35 AM | 5.5 | 5.3 | Apereo CAS Secret Key improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-27178 |
| 09:33 AM | 6.4 | 6.1 | Dell EMC NetWorker improper authorization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-26183 |
| 09:32 AM | 6.0 | 5.7 | Dell EMC NetWorker privileges assignment | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-26182 |
| 09:31 AM | 7.1 | 6.8 | Wire URL shell.openExternal input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-15258 |
