Archive 03/23/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1715834.84.6OpenEMR cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-25922
1715824.84.6OpenEMR Allergies cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-25921
1715816.05.7OpenEMR Create New User access control$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-25920
1715803.63.4OpenEMR Create New User cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-25919
1715793.63.4OpenEMR Create New User cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-25918
1715783.63.4OpenEMR Create New User cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-25917
1715775.45.4Huawei Secospace USG9500 use after free$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2021-22321
1715766.56.5Huawei ManageOne access control$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2021-22314
1715753.53.4TYPO3 Page Module cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21370
1715746.46.1TYPO3 information exposure$5k-$25k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21359
1715733.53.4TYPO3 Form Designer Backend Module cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21358
1715726.36.0TYPO3 Form Designer Backend Module unrestricted upload$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21357
1715717.37.0TYPO3 unrestricted upload$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21355
1715706.86.5XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-21351
1715697.47.1XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21350
1715686.86.5XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21349
1715675.35.1XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.07CVE-2021-21348
1715667.47.1XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2021-21347
1715657.47.1XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-21346
1715647.47.1XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21345
1715637.47.1XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-21344
1715626.26.0XStream deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21343
1715617.06.7XStream server-side request forgery$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21342
1715605.35.1XStream denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21341
1715593.53.4TYPO3 Database Field cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-21340
1715585.65.4TYPO3 User Session cleartext storage$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-21339
1715576.25.9TYPO3 Login Handling redirect$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-21338
1715568.38.0Linux Kernel RPA PCI Hotplug Driver rpadlpar_sysfs.c buffer overflow$25k-$100k$5k-$25kNot DefinedOfficial Fix0.03CVE-2021-28972
1715556.05.8Linux Kernel PEBS Status ds.c intel_pmu_drain_pebs_nhm denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-28971
1715544.44.3PunBB BBcode Tag cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-28968
1715535.95.6Grafana Enterprise Usage Insights HTTP API Endpoint denial of service$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-28148
1715526.05.7Grafana Enterprise Team Sync HTTP API improper authentication$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-28147
1715516.05.7Grafana Enterprise HTTP API access control$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-28146
1715506.76.4Grafana Enterprise Dashboard permission$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-27962
1715493.83.7SAP 3D Visual Enterprise Viewer 3DS File denial of service$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2021-27596
1715483.83.7SAP 3D Visual Enterprise Viewer PDF File denial of service$5k-$25k$0-$5kNot DefinedNot Defined0.00CVE-2021-27595
1715473.83.7SAP 3D Visual Enterprise Viewer BMP File denial of service$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2021-27594
1715463.83.7SAP 3D Visual Enterprise Viewer GIF File denial of service$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2021-27593
1715454.14.14images Admin Login Panel cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-27308
1715446.96.6HPE Network Orchestrator sql injection$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-26578
1715438.07.7Apache OFBiz deserialization$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-26295
1715427.57.2Sophos Connect Client Website Remote Code Execution$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-25265
1715415.55.5Huawei Secospace USG6600 Message denial of service$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2021-22320
1715405.95.9Huawei ManageOne permission$5k-$25k$5k-$25kNot DefinedNot Defined0.03CVE-2021-22311
1715393.93.9Huawei Secospace USG9500 log file$5k-$25k$0-$5kNot DefinedNot Defined0.07CVE-2021-22310
1715385.05.0Huawei USG9500/USG9520/USG9560/USG9580 random values$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-22309
1715375.55.5Huawei Secospace SG9500 Packet denial of service$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2020-9213
1715365.05.0Huawei USG9500 information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-9212
1715355.55.5Huawei eUDC660 information disclosure$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2020-9206
1715346.26.2IBM Planning Analytics server-side request forgery$5k-$25k$5k-$25kNot DefinedNot Defined0.10CVE-2020-4882

Do you want to use VulDB in your project?

Use the official API to access entries easily!