Archive 01/08/2021

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Grouping entries by these categories shows which software types are affected most.

Product

Grouping vulnerabilities by product gives an overview. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous one.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These come in several forms and levels of remediation, which affect the risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them, whether for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine how simple and how strong an attack is.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect characteristics of a vulnerability that may change over time but not across user environments: report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects can decrease exploit prices over time, and under certain circumstances this happens very fast.

| ID | Base | Temp | Title | 0-day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 167449 | 5.6 | 5.6 | pwntools Shellcraft Generator injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.58+ | CVE-2020-28468 |
| 167448 | 6.3 | 6.3 | Invision Power Services Community Suite Download REST API files.php GETindex sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.10+ | CVE-2021-3025 |
| 167447 | 3.5 | 3.5 | AWBS Advanced Webhost Billing System cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.16+ | CVE-2020-25950 |
| 167446 | 4.3 | 4.3 | D-Link DSL-2888A One Touch Application passwd information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 2.16+ | CVE-2020-24577 |
| 167445 | 5.3 | 5.3 | NVIDIA GPU Display Driver Kernel Mode Layer access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.58 | CVE-2021-1056 |
| 167444 | 5.3 | 5.3 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.52 | CVE-2021-1055 |
| 167443 | 3.3 | 3.3 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.42 | CVE-2021-1054 |
| 167442 | 7.8 | 7.8 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.42 | CVE-2021-1053 |
| 167441 | 7.8 | 7.8 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.42 | CVE-2021-1052 |
| 167440 | 7.8 | 7.8 | NVIDIA GPU Display Driver Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.68 | CVE-2021-1051 |
| 167439 | 5.5 | 5.5 | Mercusys Mercury X18G UPnP Server uhttpd.json pathname traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.48 | CVE-2021-23242 |
| 167438 | 3.5 | 3.5 | Mercusys Mercury X18G Web Server passwd pathname traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.48 | CVE-2021-23241 |
| | | | Large Packet resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.68 | CVE-2020-36049 |
| 167436 | 4.3 | 4.3 | Engine.IO POST Request EventEmitter resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.89 | CVE-2020-36048 |
| 167435 | 5.5 | 5.5 | PHPGurukul Hospital Management System dashboard.php access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.00 | CVE-2020-35745 |
| 167434 | 7.3 | 7.3 | Barco TransForm NDN-210 Lite Web Administration Panel command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.79 | CVE-2020-17500 |
| 167433 | 5.5 | 5.5 | Gotenberg tini permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.05 | CVE-2020-13452 |
| 167432 | 5.5 | 5.5 | Gotenberg Office Rendering Engine unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.89 | CVE-2020-13451 |
| 167431 | 5.5 | 5.5 | Gotenberg File Upload pathname traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.94 | CVE-2020-13450 |
| 167430 | 3.5 | 3.5 | Gotenberg Markdown Engine pathname traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.10 | CVE-2020-13449 |
| 167429 | 6.3 | 6.3 | Rock RMS unrestricted upload | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.94 | CVE-2019-18643 |
| 167428 | 5.5 | 5.5 | Rock RMS Profile Update resource injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.89 | CVE-2019-18642 |
| 167427 | 6.3 | 6.0 | Backdoor.Win32.NinjaSpy.c HTTP PUT cmd.dll buffer overflow | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 4.36 | |
| 167426 | 6.3 | 6.0 | Backdoor.Win32.Xtreme.yvp System.exe permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 3.10 | |
| 167425 | 6.3 | 6.0 | Backdoor.Win32.Agent.dcbh 674_674.exe permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 3.42 | |
| 167424 | 5.0 | 5.0 | Eaton easySoft E70 File type confusion | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.26 | CVE-2020-6656 |
| 167423 | 2.6 | 2.6 | Eaton easySoft E70 File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.46 | CVE-2020-6655 |
| 167422 | 3.7 | 3.7 | IBM Emptoris Strategic Supply Management inadequate encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 4.63 | CVE-2020-4898 |
| 167421 | 5.3 | 5.3 | IBM Emptoris Contract Management information exposure | $5k-$25k | $0-$5k | Not Defined | Not Defined | 3.68 | CVE-2020-4897 |
| 167420 | 7.3 | 7.3 | IBM Emptoris Sourcing HTTP Request injection | $5k-$25k | $0-$5k | Not Defined | Not Defined | 3.94 | CVE-2020-4896 |
| 167419 | 3.5 | 3.5 | IBM Emptoris Strategic Supply Management Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.22 | CVE-2020-4895 |
| 167418 | 3.7 | 3.7 | IBM Emptoris Strategic Supply Management HTTP GET Request information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 3.26 | CVE-2020-4893 |
| 167417 | 3.5 | 3.5 | IBM Emptoris Contract Management Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.67 | CVE-2020-4892 |
| 167416 | 5.5 | 5.5 | Linux Kernel infiniband hfi1 Driver use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 3.47 | CVE-2020-27835 |
| 167415 | 5.0 | 5.0 | Red Hat JBoss Core Services httpd SSL Certificate certificate validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 3.41 | CVE-2020-25680 |
| 167414 | 3.5 | 3.5 | Liferay CMS Portal Calendar cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.52 | CVE-2020-25476 |
| 167413 | 3.5 | 3.5 | Rockwell Automation RSLinx Classic Ethernet IP denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.42 | CVE-2020-13573 |
| 167412 | 6.3 | 6.3 | Foxit Reader/PhantomPDF Opcode proxyDoAction out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.95 | CVE-2018-20316 |
| 167411 | 6.3 | 6.3 | Foxit Reader/PhantomPDF out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.95 | CVE-2018-20315 |
| 167410 | 6.3 | 6.3 | Foxit Reader/PhantomPDF proxyCheckLicence out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.95 | CVE-2018-20314 |
| 167409 | 6.3 | 6.3 | Foxit Reader/PhantomPDF proxyPreviewAction out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.00 | CVE-2018-20313 |
| 167408 | 6.3 | 6.3 | Foxit Reader/PhantomPDF Opcode proxyDoAction out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.90 | CVE-2018-20312 |
| 167407 | 6.3 | 6.3 | Foxit Reader/PhantomPDF proxyCPDFAction out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.00 | CVE-2018-20311 |
| 167406 | 6.3 | 6.3 | Foxit Reader/PhantomPDF proxyDoAction out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.68 | CVE-2018-20310 |
| 167405 | 6.3 | 6.3 | Foxit Reader/PhantomPDF proxyGetAppEdition out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.16 | CVE-2018-20309 |
| 167404 | 6.3 | 6.0 | Foxit PDF ActiveX Permission command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.95 | CVE-2018-19418 |
| 167403 | 4.3 | 4.3 | Portable Document Format Signature signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.63 | CVE-2018-18689 |
| 167402 | 4.3 | 4.3 | Portable Document Format Signature signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.69 | CVE-2018-18688 |
