Archive 02/10/2021

Type »

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are most affected.

Product »

Grouping vulnerabilities by product gives an overview. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and each influences risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, whether for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today »

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and availability of countermeasures. These dynamic aspects tend to decrease exploit prices over time; under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0-day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 169673 | 2.4 | 2.3 | McAfee Endpoint Security ePO Extension cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-23881 |
| 169672 | 7.4 | 7.1 | McAfee Total Protection Remote Procedure Call privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-23876 |
| 169671 | 6.5 | 6.3 | McAfee Total Protection MTP Self-Defense privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-23874 |
| 169670 | 7.0 | 6.7 | McAfee Total Protection privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-23873 |
| 169669 | 4.4 | 4.2 | McAfee Endpoint Security null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-23883 |
| 169668 | 4.3 | 4.1 | McAfee Endpoint Security ENS File privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-23882 |
| 169667 | 4.3 | 4.1 | McAfee Endpoint Security privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-23880 |
| 169666 | 4.1 | 4.0 | McAfee Endpoint Security cleartext storage | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-23878 |
| 169665 | 4.4 | 4.4 | Wekan Fieldbleed cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-20654 |
| 169664 | 7.6 | 7.3 | GENIVI Diagnostic Log and Trace dlt_common.c dlt_buffer_write_block heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2020-36244 |
| 169663 | 8.0 | 7.6 | Monitorr upload.php unrestricted upload | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2020-28871 |
| 169662 | 7.6 | 7.2 | InoERP json_fp.php input validation | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2020-28870 |
| 169661 | 7.3 | 6.7 | Backdoor.Win32.Aphexdoor.LiteSock Service Port 113 moo buffer overflow | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | |
| 169660 | 7.3 | 6.7 | Backdoor.Win32.NetTerrorist Service Port 785 improper authentication | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05 | |
| 169659 | 6.3 | 6.0 | Trojan.Win32.Cafelom.bu DNF-II.exe heap-based overflow | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169658 | 7.3 | 6.7 | Backdoor.Win32.Wollf.15 Service Port 7614 improper authentication | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | |
| 169657 | 6.3 | 6.0 | Trojan-Spy.Win32.WinSpy.vwl Service Port 443 permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169656 | 5.3 | 4.9 | Trojan-Spy.Win32.WebCenter.a Service Port 80 web.exe information disclosure | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | |
| 169655 | 6.3 | 6.0 | Trojan-Spy.Win32.SpyEyes.awow $Recycle$ permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | |
| 169654 | 6.3 | 6.0 | Trojan-Spy.Win32.SpyEyes.auwl cleansweep.exe permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169653 | 6.3 | 6.0 | Trojan-Spy.Win32.SpyEyes.auqj wedfsadeex.exe permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | |
| 169652 | 6.3 | 6.0 | Trojan.Win32.Gentee.h Paltalk permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169651 | 6.3 | 6.0 | Trojan.Win32.Gentee.b WINNT permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169650 | 6.3 | 6.0 | Trojan.Win32.Delf.uq downsoft permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | |
| 169649 | 6.3 | 6.0 | Email-Worm.Win32.Sircam.eb winupdate.exe permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | |
| 169648 | 6.3 | 6.0 | Trojan.Win32.Cospet.abg Service Port 2185 dir permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169647 | 6.3 | 6.0 | Trojan.Win32.Comei.pgo dir permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | |
| 169646 | 6.3 | 6.0 | Backdoor.Win32.RemoteManipulator.brr permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | |
| 169645 | 7.3 | 6.7 | Backdoor.Win32.NetBull.11.b Service Port 23456 mfc42.dll buffer overflow | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | |
| 169644 | 6.3 | 6.0 | Backdoor.Win32.Xyligan.blp FengYun.dll permission | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | |
| 169643 | 6.3 | 6.3 | HPE T0986H01 Idelji Web ViewPoint Suite access control | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | CVE-2021-3191 |
| 169642 | 5.5 | 5.3 | Hyper Crate Transfer-Encoding request smuggling | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-26959 |
| 169641 | 7.1 | 7.1 | xcb Crate cast_event return value | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-26958 |
| 169640 | 6.6 | 6.6 | xcb Crate change_property out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-26957 |
| 169639 | 5.5 | 5.5 | xcb Crate value Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-26956 |
| 169638 | 7.6 | 7.6 | xcb Crate name return value | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-26955 |
| 169637 | 5.4 | 5.2 | qwutils Crate Clone insert_slice_clone double free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-26954 |
| 169636 | 5.5 | 5.3 | postscript Crate uninitialized pointer | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-26953 |
| 169635 | 6.5 | 6.2 | ms3d Crate read uninitialized pointer | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-26952 |
| 169634 | 7.6 | 7.3 | calamine Crate set_len heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-26951 |
| 169633 | 7.0 | 7.0 | GNU Screen UTF-8 Encoding encoding.c denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-26937 |
| 169632 | 7.1 | 7.1 | SmartFoxServer Console Module javashell.py protection mechanism | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2021-26551 |
| 169631 | 4.5 | 4.5 | SmartFoxServer Password server.xml missing encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-26550 |
| 169630 | 4.4 | 4.4 | SmartFoxServer AdminTool Console cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-26549 |
| 169629 | 4.3 | 4.1 | Siemens SCALANCE W740/SCALANCE W780 ARP allocation of resources | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-25666 |
| 169628 | 3.9 | 3.9 | HPE 3500/6200/8200 Management Interface denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-25141 |
| 169627 | 8.5 | 8.3 | HPE Moonshot Provisioning Manager khuploadfile.cgi pathname traversal | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.03 | CVE-2021-25140 |
| 169626 | 8.5 | 8.3 | HPE Moonshot Provisioning Manager khuploadfile.cgi stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.08 | CVE-2021-25139 |
| 169625 | 6.0 | 5.8 | Cscape Project File Parser out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-22663 |
| 169624 | 7.3 | 7.3 | HPE T0662H01 Idelji Web ViewPoint Suite authentication replay | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-22267 |
