Archive 03/19/2021

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product

Grouping vulnerabilities by product gives an overview. It makes it possible to assess a homogeneous landscape, or to identify the most important hotspots in a heterogeneous one.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels, and each affects risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to gauge how simple and how strong an attack is.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic properties that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared against prices we observe on exploit markets.

Exploit Today

The 0-day price does not take time-dependent factors into account. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease the exploit price over time, and under certain circumstances this happens very fast.

ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE
171488 | 4.4 | 4.4 | Ovation Dynamic Content cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-3327
171487 | 7.6 | 7.3 | Kramdown Route Formatter Formatters Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28834
171486 | 5.3 | 5.3 | BusyBox gzip Data decompress_gunzip.c huft_build exceptional condition | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-28831
171485 | 4.9 | 4.7 | Western Digital ArmorLock App improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-28653
171484 | 4.8 | 4.6 | TranzWare e-Commerce Payment Gateway index.jsp cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-28126
171483 | 6.9 | 6.6 | TranzWare e-Commerce Payment Gateway XML Parser exec xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-28110
171482 | 4.8 | 4.6 | TranzWare FIMI login_tw.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-28109
171481 | 4.8 | 4.6 | Tor Proxy assertion | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2021-28090
171480 | 5.9 | 5.6 | Tor Proxy Directory Protocol resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-28089
171479 | 6.7 | 6.4 | MariaDB untrusted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-27928
171478 | 6.7 | 6.6 | MikroTik RouterOS RSC File export command injection | $0-$5k | $0-$5k | Not Defined | Workaround | 0.08 | CVE-2021-27221
171477 | 7.6 | 7.5 | ozum eslint-fixer os command injection | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | CVE-2021-26275
171476 | 5.5 | 5.3 | Pillow SGIRleDecode.c out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-25293
171475 | 5.0 | 4.8 | Pillow PDF Parser incorrect regex | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-25292
171474 | 5.5 | 5.3 | Pillow TiffDecode.c TiffreadRGBATile out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-25291
171473 | 6.5 | 6.2 | Pillow Offset TiffDecode.c memcpy out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-25290
171472 | 7.6 | 7.3 | Pillow YCbCr File TiffDecode heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-25289
171471 | 5.9 | 5.6 | shescape _Shescape_ argument injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-21384
171470 | 4.8 | 4.8 | Zen Cart tpl_main_page.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-6578
171469 | 7.6 | 7.6 | IT-Recht Kanzlei Plugin itrk-api.php rechtstext_language sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-6577
171468 | 7.0 | 6.7 | Squid Web Proxy Config Setting uri_whitespace request smuggling | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25097
171467 | 5.7 | 5.7 | QEMU NIC stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-3416
171466 | 4.8 | 4.6 | transformers Markdown cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-28796
171465 | 7.6 | 7.3 | ShellCheck shellcheck.executablePath Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-28794
171464 | 7.5 | 7.2 | Swift Development Environment Extension Workspace Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-28792
171463 | 7.0 | 6.7 | SwiftFormat Workspace Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-28791
171462 | 7.0 | 6.7 | Microsoft Workspace Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-28790
171461 | 7.0 | 6.7 | Apple swift-format Workspace Remote Code Execution | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-28789
171460 | 4.8 | 4.8 | Acexy Wireless-N WiFi Repeater SSID cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-28160
171459 | 4.4 | 4.3 | Concrete CMS Survey Block cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-28145
171458 | 6.4 | 6.4 | Exacq exacqVision Web Service information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-27656
171457 | 4.8 | 4.8 | Advantech WebAccess/SCADA cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-27436
171456 | 6.4 | 6.1 | Grafana Snapshot denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-27358
171455 | 3.9 | 3.9 | SeedDMS out.EditFolder.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2021-26216
171454 | 3.9 | 3.9 | SeedDMS out.EditDocument.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2021-26215
171453 | 5.8 | 5.6 | JetBrains PhpStorm Debug Log source code | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-25764
171452 | 7.8 | 7.5 | Rockwell Automation DriveTools SP/Drives AOP uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-22665
171451 | 4.4 | 4.3 | ExWiki.js Mustache Expression cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-21383
171450 | 7.2 | 6.9 | Cisco RV132W ADSL2+/RV134W VDSL2 Web-based Management Interface stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-1287
171449 | 7.0 | 7.0 | Zoho ManageEngine Desktop Central MSP DLL dcinventory.exe uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-9367
171448 | 5.4 | 5.4 | Redash ldap injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-36144
171447 | 7.0 | 6.7 | Cairo image-compositor image-compositor.c out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-35492
171446 | 5.5 | 5.5 | openvswitch LLDP Packet resource consumption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-27827
171445 | 6.5 | 6.3 | Softaculous Data Store access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-26886
171444 | 6.5 | 6.2 | MediaArea MediaInfo ChooseParser_ChannelGrouping heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-26797
171443 | 5.5 | 5.5 | Utimaco SecurityServer Environment Variable permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-26155
171442 | 6.3 | 6.3 | Rockwell Automation FactoryTalk Services Platform unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-14516
171441 | 4.9 | 4.9 | Red Hat Quay Web Application session expiration | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | CVE-2019-3867
171440 | 5.6 | 5.6 | Red Hat 3scale API Management Platform apicast inadequate encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2019-14852
171439 | 5.0 | 5.0 | nbdkit denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2019-14851