Archive 01/20/2021

Type »

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. It makes it possible to recognize a homogeneous landscape, or the most important hotspots in a heterogeneous one.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in multiple forms and levels, and these influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, whether for academic purposes or for personal gain. The level and quality of exploitability are distinguished to determine how simple and how powerful an attack is.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include reporting confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease exploit prices over time, and under certain circumstances this happens very quickly.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 168497 | 4.3 | 4.3 | Keymaker Assets Endpoint join path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-21269 |
| 168496 | 6.3 | 6.3 | gin X-Forwarded-For Header Remote Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-28483 |
| 168495 | 3.5 | 3.5 | Akka com.softwaremill.akka-http-session cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-28452 |
| 168494 | 7.3 | 7.3 | Dnsmasq rfc1035.c extract_name heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25687 |
| 168493 | 5.6 | 5.6 | Dnsmasq Pending Request security check for standard | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-25686 |
| 168492 | 7.3 | 7.3 | Dnsmasq rfc1035.c extract_name heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-25682 |
| 168491 | 5.6 | 5.6 | Dnsmasq RRSets Sort heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-25681 |
| 168490 | 4.3 | 4.3 | Open-AudIT Web Interface information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-3130 |
| 168489 | 6.3 | 6.0 | PrestaShop sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | CVE-2021-3110 |
| 168488 | 6.3 | 6.3 | Ardatan graphql-tools load-git.ts execSync command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-23326 |
| 168487 | 4.3 | 4.3 | Oracle Argus Safety Letters information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2110 |
| 168486 | 7.1 | 7.1 | Oracle Argus Safety Case Form/Local Affiliate Form Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-2040 |
| 168485 | 7.5 | 7.5 | IBM Spectrum LSF/Spectrum LSF Suite LSF Job unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4983 |
| 168484 | 6.3 | 6.3 | IBM Security Guardium sql injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4921 |
| 168483 | 5.3 | 5.3 | IBM AIX/VIOS Local Privilege Escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2020-4887 |
| 168482 | 5.3 | 5.3 | IBM Security Guardium command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2020-4688 |
| 168481 | 3.5 | 3.3 | Employee Performance Evaluation System Admin Portal cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2020-35272 |
| 168480 | 3.5 | 3.3 | Employee Performance Evaluation System cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2020-35271 |
| 168479 | 3.5 | 3.5 | Vert.x Web Framework cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-35217 |
| 168478 | 5.6 | 5.6 | Dnsmasq DNS Cache forward.c reply_query unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-25685 |
| 168477 | 5.6 | 5.6 | Dnsmasq DNS Cache forward.c reply_query security check for standard | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25684 |
| 168476 | 3.7 | 3.7 | Dnsmasq DNSSEC rfc1035.c extract_name heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25683 |
| 168475 | 3.1 | 3.1 | STM32Cube PKCS Padding information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-20949 |
| 168474 | 5.5 | 5.5 | X.Org Server XkbSetMap memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-14360 |
| 168473 | 3.2 | 3.2 | Oracle VM VirtualBox information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2123 |
| 168472 | 4.4 | 4.4 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2130 |
| 168471 | 4.4 | 4.4 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-2127 |
| 168470 | 4.4 | 4.4 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-2073 |
| 168469 | 4.6 | 4.6 | Oracle VM VirtualBox unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2125 |
| 168468 | 6.0 | 6.0 | Oracle VM VirtualBox unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2131 |
| 168467 | 6.0 | 6.0 | Oracle VM VirtualBox unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2126 |
| 168466 | 6.0 | 6.0 | Oracle VM VirtualBox information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2120 |
| 168465 | 6.0 | 6.0 | Oracle VM VirtualBox information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2021-2119 |
| 168464 | 6.0 | 6.0 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2021-2124 |
| 168463 | 6.0 | 6.0 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2121 |
| 168462 | 6.0 | 6.0 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-2112 |
| 168461 | 6.0 | 6.0 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-2111 |
| 168460 | 6.0 | 6.0 | Oracle VM VirtualBox denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2086 |
| 168459 | 6.5 | 6.5 | Oracle VM VirtualBox information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2128 |
| 168458 | 7.9 | 7.9 | Oracle VM VirtualBox unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2129 |
| 168457 | 8.2 | 8.2 | Oracle VM VirtualBox Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2074 |
| 168456 | 9.8 | 9.8 | Oracle Utilities Framework General Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.03 | CVE-2020-2555 |
| 168455 | 3.7 | 3.7 | Oracle StorageTek Tape Analytics SW Tool information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9488 |
| 168454 | 5.0 | 5.0 | Oracle ZFS Storage Appliance Kit RAS subsystems unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-1999 |
| 168453 | 6.1 | 6.1 | Oracle StorageTek Tape Analytics SW Tool jQuery unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-11022 |
| 168452 | 9.8 | 9.8 | Oracle ZFS Storage Appliance Kit Operating System Image Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2020-11984 |
| 168451 | 6.1 | 6.1 | Oracle Transportation Management Install unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.08 | CVE-2019-11358 |
| 168450 | 6.1 | 6.1 | Oracle Agile Product Lifecycle Management for Process Installation unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2019-11358 |
| 168449 | 6.1 | 6.1 | Oracle Agile PLM Security unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-9281 |
| 168448 | 7.5 | 7.5 | Oracle Agile Engineering Data Management Install Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2019-17563 |