Recent 10/28/2020

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories helps to illustrate which software types are affected most.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and they influence risk differently.

Exploitability

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we observe on exploit markets.

Exploit Today

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects may decrease exploit prices over time; under certain circumstances this happens very fast.

| Created | Base (CVSSv3, 0-10) | Temp (CVSSv3, 0-10) | Vulnerability | Exploit 0-day (USD) | Exploit Today (USD) | Exp (Exploitability) | Rem (Remediation) | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 07:55 PM | 6.4 | 6.4 | IBM WebSphere Application Server path traversal | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-4782 |
| 07:52 PM | 5.9 | 5.9 | Microsoft Sterling Connect Direct buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-4767 |
| 07:51 PM | 6.4 | 6.1 | Shibboleth Identity Provider Login Flow denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-27978 |
| 07:50 PM | 8.0 | 7.7 | osCommerce Phoenix CE POST Parameter mail.php os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-27976 |
| 07:49 PM | 6.1 | 5.9 | osCommerce Phoenix CE define_language.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-27975 |
| 07:49 PM | 4.8 | 4.8 | NeoPost Mail Accounting Software Pro FUS_SCM_BlockStart.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-27974 |
| 07:48 PM | 4.8 | 4.6 | Grafana Query cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-24303 |
| 07:47 PM | 5.5 | 5.5 | Snap7 Server COTP Protocol denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-22552 |
| 07:46 PM | 7.6 | 7.6 | Winston API command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-16257 |
| 07:45 PM | 6.9 | 6.6 | Red Discord Bot Mod Module access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-15278 |
| 07:42 PM | 4.4 | 4.3 | Pulse Connect Secure User Web Interface cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8263 |
| 07:41 PM | 4.8 | 4.6 | Pulse Connect Secure/Pulse Policy Secure User Web Interface cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8262 |
| 07:41 PM | 4.9 | 4.7 | Pulse Connect Secure/Pulse Policy Secure Cookie buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-8261 |
| 07:40 PM | 6.7 | 6.4 | Pulse Connect Secure Admin Web Interface unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8260 |
| 07:39 PM | 5.6 | 5.4 | Pulse Connect Secure Admin Web Interface input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8255 |
| 07:37 PM | 7.5 | 7.2 | Pulse Secure Desktop Client Dynamic Certificate Trust path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-8254 |
| 07:35 PM | 6.5 | 6.3 | Pulse Secure Desktop Client access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-8250 |
| 07:35 PM | 6.5 | 6.3 | Pulse Secure Desktop Client buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8249 |
| 07:26 PM | 6.5 | 6.3 | Pulse Secure Desktop Client access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-8248 |
| 07:25 PM | 6.5 | 6.3 | Pulse Secure Desktop Client channel accessible | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-8241 |
| 07:22 PM | 6.6 | 6.4 | Pulse Secure Desktop Client Embedded Browser unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-8240 |
| 07:21 PM | 7.6 | 7.3 | Pulse Secure Desktop Client Registry Privileges access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8239 |
| 07:19 PM | 3.9 | 3.8 | Mozilla Firefox EC Scalar Point Multiplication key management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-6829 |
| 02:12 PM | 7.4 | 7.4 | SonicWALL Global VPN Client Library uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-5145 |
| 02:10 PM | 7.8 | 7.5 | SonicWALL Global VPN Client untrusted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.88 | CVE-2020-5144 |
| 02:05 PM | 4.4 | 4.2 | Apple Music Application information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.86 | CVE-2020-9982 |
| 02:04 PM | 5.4 | 5.2 | Apple tvOS Assets incorrect resource transfer | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.58 | CVE-2020-9979 |
| 02:03 PM | 7.5 | 7.2 | Apple tvOS Web Contents memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.13 | CVE-2020-9932 |
| 02:03 PM | 7.5 | 7.2 | Apple iOS/iPadOS Web Contents memory corruption | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.12 | CVE-2020-9932 |
| 02:03 PM | 7.5 | 7.2 | Apple Safari Web Contents memory corruption | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 3.05 | CVE-2020-9932 |
| 02:02 PM | 5.9 | 5.6 | Apple Safari Javascript input validation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.12 | CVE-2020-9860 |
| 02:01 PM | 4.3 | 4.2 | Apple macOS Application access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-9786 |
| 02:01 PM | 6.4 | 6.2 | Apple macOS Path Validation path traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 2.85 | CVE-2020-9782 |
| 02:00 PM | 5.5 | 5.3 | Apple macOS Siri Suggestion access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.24 | CVE-2020-9774 |
| 01:59 PM | 5.3 | 5.3 | dat.gui RGB/RGBA incorrect regex | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | CVE-2020-7755 |
| 01:57 PM | 6.6 | 6.4 | Apple macOS Image out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.12 | CVE-2020-3880 |
| 01:57 PM | 6.6 | 6.4 | Apple tvOS Image out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3880 |
| 01:57 PM | 6.6 | 6.4 | Apple iOS/iPadOS Image out-of-bounds read | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-3880 |
| 01:57 PM | 6.6 | 6.4 | Apple watchOS Image out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3880 |
| 01:56 PM | 7.8 | 7.5 | Apple macOS Application memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 2.19 | CVE-2020-3863 |
| 01:54 PM | 4.8 | 4.6 | MediaWiki RandomGameUnit Extension hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-27957 |
| 01:43 PM | 8.0 | 7.7 | SourceCodester Car Rental Management System File Upload unrestricted upload | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2020-27956 |
| 01:43 PM | 5.5 | 5.5 | Texas Instruments CC2538 Zigbee Protocol zclParseInDiscCmdsRspCmd stack-based buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.44 | CVE-2020-27892 |
| 01:42 PM | 5.5 | 5.5 | Texas Instruments CC2538 Zigbee Protocol zclHandleExternal stack-based buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-27891 |
| 01:42 PM | 5.8 | 5.8 | Texas Instruments CC2538 Zigbee Protocol zclParseInWriteCmd stack-based buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.01 | CVE-2020-27890 |
| 01:41 PM | 6.0 | 6.0 | Ubiquiti UniFi Meshing Access Point UAP-AC-M Credential Cache state issue | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-27888 |
| 01:39 PM | 7.0 | 6.7 | Wire AVS/Secure Messenger sdp.c sdp_media_set_lattr denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.70 | CVE-2020-27853 |
| 01:38 PM | 8.0 | 7.7 | Western Digital My Cloud NAS AvailableApps.php privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-27160 |
| 01:38 PM | 8.0 | 7.7 | Western Digital My Cloud NAS DsdkProxy.php input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-27159 |
| 01:37 PM | 8.0 | 7.7 | Western Digital My Cloud cgi_api.php access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-27158 |
