Archive 02/05/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1693195.95.9Gitea denial of service$0-$5k$0-$5kNot DefinedNot Defined0.08CVE-2021-3382
1693184.44.4Question2Answer Q2A Ultimate SEO cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-3258
1693174.74.7IBM PowerHA Discovery information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-4832
1693164.84.8typora cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-18737
1693154.84.8Opmantek Open-AudIT SQL Statement cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-3333
1693147.77.4October CMS Manager.php improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-3311
1693135.85.8Redwood Report2Web default.htm injection$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-26711
1693124.84.8Redwood Report2Web signIn.do cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-26710
1693116.05.7Linux Kernel VSOCK af_vsock.c race condition$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.03CVE-2021-26708
1693106.16.1Name Directory Plugin cross-site request forgery$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2021-20652
1693099.38.9Panasonic Video Insight VMS code injection$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-20623
1693084.44.2Electric Coin Company Zcashd Time Offset information disclosure$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-8807
1693076.26.0Electric Coin Company Zcashd Timestamp authorization$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-8806
1693065.55.5GNOME gnome-autoar Extraction autoar-extractor.c pathname traversal$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-36241
1693057.57.5Zoho ManageEngine Applications Manager com.adventnet.appmanager.filter.UriCollector showresource.do sql injection$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2020-35765
1693048.08.0ZZZCMS zzzphp zzz_template.php sql injection$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-18717
1693038.08.0RockOA wordAction.php sql injection$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-18716
1693028.08.0RockOA wordModel.php getdata sql injection$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2020-18714
1693018.08.0RockOA customerAction.php sql injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-18713
1693008.07.2Epikur checkPasswort backdoor$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.03CVE-2020-10539
1692994.03.9Epikur hash without salt$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-10538
1692987.06.7Epikur Service Port 4848 improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-10537
1692977.57.0Google Chrome V8 heap-based overflow$25k-$100k$5k-$25kFunctionalOfficial Fix0.06CVE-2021-21148
1692966.56.3Trend Micro Apex One out-of-bounds write$5k-$25k$0-$5kNot DefinedNot Defined0.08CVE-2021-25249
1692954.54.3Trend Micro Apex One/OfficeScan/Worry-Free Business Security Named Pipe out-of-bounds read$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-25248
1692944.84.6Trend Micro Apex One information disclosure$5k-$25k$0-$5kNot DefinedNot Defined0.05CVE-2021-25246
1692934.84.6Trend Micro Worry-Free Business Security access control$5k-$25k$0-$5kNot DefinedNot Defined0.06CVE-2021-25245
1692924.84.6Trend Micro Worry-Free Business Security access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-25244
1692914.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-25243
1692904.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2021-25242
1692894.84.6Trend Micro Apex One/Worry-Free Business Security server-side request forgery$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25241
1692884.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.07CVE-2021-25240
1692874.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.02CVE-2021-25239
1692864.84.6Trend Micro OfficeScan XG/Worry-Free Business Security information disclosure$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-25238
1692854.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2021-25237
1692844.84.6Trend Micro OfficeScan XG/Worry-Free Business Security server-side request forgery$5k-$25k$0-$5kNot DefinedNot Defined0.04CVE-2021-25236
1692834.84.6Trend Micro Apex One/OfficeScan XG Configuration File access control$5k-$25k$0-$5kNot DefinedNot Defined0.04CVE-2021-25235
1692824.84.6Trend Micro Apex One Configuration File access control$5k-$25k$0-$5kNot DefinedNot Defined0.05CVE-2021-25234
1692814.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.07CVE-2021-25233
1692804.84.6Trend Micro Apex One/OfficeScan XG access control$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2021-25232
1692794.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.05CVE-2021-25231
1692784.84.6Trend Micro Apex One/OfficeScan XG access control$5k-$25k$0-$5kNot DefinedNot Defined0.06CVE-2021-25230
1692774.84.6Trend Micro Apex One/OfficeScan XG access control$5k-$25k$0-$5kNot DefinedNot Defined0.05CVE-2021-25229
1692764.84.6Trend Micro Apex One access control$5k-$25k$0-$5kNot DefinedNot Defined0.02CVE-2021-25228
1692754.34.2Trend Micro Antivirus Scanning Engine memory allocation$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-25227
1692746.96.6Cisco IOS XR/NX-OS IPv6 Access Control List access control$25k-$100k$5k-$25kNot DefinedOfficial Fix0.05CVE-2021-1389
1692737.87.5Cisco IOS XR Command Line os command injection$25k-$100k$5k-$25kNot DefinedOfficial Fix0.00CVE-2021-1370
1692723.53.4Cisco Unified Computing System Registration API certificate validation$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-1354
1692717.26.9Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow$5k-$25k$5k-$25kNot DefinedOfficial Fix0.03CVE-2021-1348
1692707.26.9Cisco RV016/RV042/RV042G/RV082/RV320/RV325 Web-based Management Interface stack-based overflow$5k-$25k$5k-$25kNot DefinedOfficial Fix0.05CVE-2021-1347

Do you know our Splunk app?

Download it now for free!