Archive 01/14/2021

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Grouping entries by these categories shows which software types are affected most.

Product »

Grouping vulnerabilities by product helps to get an overview. It makes it possible to recognize a homogeneous landscape, or to identify the most important hotspots in a heterogeneous one.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease exploit prices over time; under certain circumstances this happens very fast.

ID | CVSSv3 Base | CVSSv3 Temp | Title | Exploit 0-day | Exploit Today | Exploitability | Remediation | (unlabelled) | CVE
167993 | 4.3 | 4.3 | Apache Tomcat NTFS File System File.getCanonicalPath information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.11 | CVE-2021-24122
167992 | 5.5 | 5.5 | XMLBeans XML Parser xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.17 | CVE-2021-23926
167991 | 3.5 | 3.5 | ZTE ZXV10 B860A Log information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21722
167990 | 5.3 | 5.3 | acmailer/acmailer DB improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-20618
167989 | 6.3 | 6.3 | acmailer/acmailer DB access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-20617
167988 | 2.4 | 2.4 | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-6777
167987 | 4.3 | 4.3 | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-6776
167986 | 3.5 | 3.5 | SimplCommerce Bootbox.js html cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-29587
167985 | 7.3 | 7.3 | Fortinet FortiWeb httpd stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-29019
167984 | 6.3 | 6.3 | Fortinet FortiWeb format string | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.22 | CVE-2020-29018
167983 | 6.3 | 6.3 | Fortinet FortiDeceptor Customization Page os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-29017
167982 | 7.3 | 7.3 | Fortinet FortiWeb Request stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-29016
167981 | 5.6 | 5.6 | Fortinet FortiWeb Authorization Header sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-29015
167980 | 6.3 | 6.3 | scullyio scully HTML Page JSON.stringify state issue | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-28470
167979 | 3.5 | 3.5 | TOTOLINK A702R Directory Indexing information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-27368
167978 | 3.5 | 3.5 | Skyworth GN542VF Configuration Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-26733
167977 | 3.7 | 3.7 | Skyworth GN542VF Boa Session Cookie missing secure attribute | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-26732
167976 | 6.3 | 6.3 | Open-iSCSI tcmu-runner tcmur_cmd_handler.c xcopy_locate_udev pathname traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-3139
167975 | 6.3 | 6.3 | Discourse 2FA improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-3138
167974 | 4.3 | 4.3 | 1C:Enterprise URL Parameter information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-3131
167973 | 2.7 | 2.7 | Palo-Alto PAN-OS log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-3032
167972 | 4.3 | 4.3 | Palo-Alto PAN OS Ethernet Packet information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-3031
167971 | 5.5 | 5.5 | git-big-picture Branch Name unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-3028
167970 | 3.5 | 3.5 | OWASP json-sanitizer JSON denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-23900
167969 | 3.5 | 3.5 | OWASP json-sanitizer Script Tag cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-23899
167968 | 3.5 | 3.5 | Bumblebee HP ALM Plugin Configuration File credentials storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21614
167967 | 3.5 | 3.5 | TICS Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21613
167966 | 3.5 | 3.5 | TraceTronic ECU-TEST Plugin Configuration File credentials storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21612
167965 | 3.5 | 3.5 | Jenkins Display Name cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21611
167964 | 3.5 | 3.5 | Jenkins Markup cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21610
167963 | 5.5 | 5.5 | Jenkins URL handler authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21609
167962 | 3.5 | 3.5 | Jenkins cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21608
167961 | 3.5 | 3.5 | Jenkins URL memory allocation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21607
167960 | 3.5 | 3.5 | Jenkins XML File information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21606
167959 | 5.5 | 5.5 | Jenkins Agent config.xml permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21605
167958 | 5.5 | 5.5 | Jenkins Old Data Monitor deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21604
167957 | 3.5 | 3.5 | Jenkins Notification Bar cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21603
167956 | 5.5 | 5.5 | Jenkins File Browser link following | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21602
167955 | 5.3 | 5.3 | jQuery Validation Plugin resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21252
167954 | 6.3 | 6.3 | Adobe Bridge TTF File out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21013
167953 | 6.3 | 6.3 | Adobe Bridge TTF File out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21012
167952 | 5.3 | 5.3 | Adobe Captivate 2019 uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21011
167951 | 5.3 | 5.3 | Adobe InCopy uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21010
167950 | 5.3 | 5.3 | Adobe Campaign Classic server-side request forgery | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-21009
167949 | 5.3 | 5.3 | Adobe Animate uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21008
167948 | 5.3 | 5.3 | Adobe Illustrator uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-21007
167947 | 6.3 | 6.3 | Adobe Photoshop Font File heap-based overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21006
167946 | 7.2 | 7.2 | Cisco Small Business Web-based Management Interface stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.05 | CVE-2021-1360
167945 | 3.1 | 3.1 | Cisco WebEx Meetings/WebEx Meetings Server Host Key excessive authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-1311
167944 | 6.3 | 6.3 | Cisco Webex Meetings Web-based Management Interface redirect | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-1310
