Archive 02/06/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 169355 | 3.5 | 3.5 | Jenzabar Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.18 | CVE-2021-26723 |
| 169354 | 3.5 | 3.5 | Micro Focus Application Performance Management cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.24 | CVE-2021-22500 |
| 169353 | 3.5 | 3.5 | Micro Focus Application Performance Management cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.71 | CVE-2021-22499 |
| 169352 | 5.5 | 5.5 | Huawei Mate 30 Module out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Not Defined | 3.71 | CVE-2021-22306 |
| 169351 | 5.5 | 5.5 | Huawei Mate 30 Module buffer overflow | $5k-$25k | $0-$5k | Not Defined | Not Defined | 3.94 | CVE-2021-22305 |
| 169350 | 5.5 | 5.5 | Huawei Taurus-AL00A Module use after free | $5k-$25k | $0-$5k | Not Defined | Not Defined | 3.36 | CVE-2021-22304 |
| 169349 | 5.5 | 5.5 | Huawei Taurus-AL00A Multi-Thread double free | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.94 | CVE-2021-22303 |
| 169348 | 5.5 | 5.5 | Huawei Taurus-AL00A Module out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Not Defined | 1.06 | CVE-2021-22302 |
| 169347 | 3.5 | 3.5 | Huawei eCNS280_TD Temporary Files information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.00 | CVE-2021-22300 |
| 169346 | 5.3 | 5.3 | Huawei ManageOne/NFV_FusionSphere/SMC/iMaster MAE-M access control | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.88 | CVE-2021-22299 |
| 169345 | 5.5 | 5.5 | Huawei ManageOne sql injection | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.86 | CVE-2021-22298 |
| 169344 | 3.5 | 3.5 | Huawei Campusesight/ManageOne/Taurus-AL00A HTTP Request information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.92 | CVE-2021-22293 |
| 169343 | 4.3 | 4.3 | Huawei eCNS280 Message resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.04 | CVE-2021-22292 |
| 169342 | 5.5 | 5.5 | Huawei ManageOne CSV csv injection | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.92 | CVE-2020-9205 |
| 169341 | 5.5 | 5.5 | Huawei AIS-BW80H-00 improper validation of integrity check value | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.83 | CVE-2020-9118 |
| 169340 | 3.5 | 3.5 | Asus RT-AX3000 Login Error denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.32 | CVE-2021-3229 |
| 169339 | 3.5 | 3.5 | LinkedIn Oncall Messages query cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.69 | CVE-2021-26722 |
| 169338 | 3.3 | 3.3 | Huawei Mate 30 risky encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.75 | CVE-2021-22307 |
| 169337 | 6.8 | 6.8 | Huawei Mate 30 buffer overflow | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.69 | CVE-2021-22301 |
| 169336 | 3.5 | 3.5 | Helm injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.69 | CVE-2021-21303 |
| 169335 | 4.3 | 4.3 | ImageMagick gem.c divide by zero | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.69 | CVE-2021-20176 |
| 169334 | 3.8 | 3.8 | NVIDIA GeForce Experience GameStream rxdiag.dll denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.81 | CVE-2021-1072 |
| 169333 | 6.3 | 6.0 | Epson iProjection Driver File EMP_MPAU.sys null pointer dereference | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.49 | CVE-2020-9453 |
| 169332 | 6.5 | 6.2 | Epson iProjection Device Driver EMP_NSAU.sys denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.44 | CVE-2020-9014 |
| 169331 | 5.0 | 5.0 | Tenable Nessus AMI certificate validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.86 | CVE-2020-5812 |
| 169330 | 6.3 | 6.3 | PDF2JSON PDF File buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.52 | CVE-2020-18750 |
| 169329 | 6.3 | 6.3 | Red Hat Enterprise Linux dnsmasq access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.75 | CVE-2020-14312 |
| 169328 | 7.8 | 7.4 | Max Secure Max Spyware Detector Driver MaxProc64.sys memory corruption | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.46 | CVE-2020-12122 |
| 169327 | 3.5 | 3.5 | Oppo Phone information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.69 | CVE-2020-11836 |
| 169326 | 5.5 | 5.5 | Zulip Desktop Request permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.35 | CVE-2020-10858 |
| 169325 | 6.3 | 6.3 | Zulip Desktop shell.openItem Remote Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.52 | CVE-2020-10857 |
| 169324 | 3.1 | 3.1 | Psyprax Password inadequate encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.29 | CVE-2020-10554 |
| 169323 | 6.3 | 6.3 | Psyprax Lockscreen PPScreen.ini permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-10553 |
| 169322 | 6.3 | 6.3 | Psyprax Firebird Database access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.58 | CVE-2020-10552 |
| 169321 | 4.3 | 4.3 | New Media Smarty data.mdb inadequate encryption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.35 | CVE-2020-10375 |
| 169320 | 5.7 | 5.1 | IObit Advanced SystemCare Device Driver AscRegistryFilter.sys denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.03 | CVE-2020-10234 |
