Archive 04/15/2021

Type »

The moderation team works with the threat intelligence team to categorize the software that is affected by security vulnerabilities. This categorization shows how entries are distributed across types and which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, each of which influences the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects may decrease exploit prices over time; under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0-day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 173110 | 5.3 | 5.1 | Apache Tapestry AppModule.class deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-27850 |
| 173109 | 6.3 | 6.0 | PHPGurukul Beauty Parlour Management System add-services.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2021-27545 |
| 173108 | 3.5 | 3.5 | PHPGurukul Beauty Parlour Management System add-services.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27544 |
| 173107 | 4.4 | 4.4 | CASAP Automated Enrollment System Students cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27129 |
| 173106 | 7.8 | 7.5 | McAfee Data Loss Prevention hdlphook Driver privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-23887 |
| 173105 | 5.5 | 5.3 | McAfee Data Loss Prevention hdlphook Driver denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-23886 |
| 173104 | 2.4 | 2.3 | McAfee Content Security Reporter ePO Extension cleartext transmission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-23884 |
| 173103 | 5.3 | 5.1 | Google Android pb_encode.c pb_write out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2021-0488 |
| 173102 | 3.7 | 3.6 | McAfee Endpoint Security/Global Threat Intelligence DNS cleartext transmission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-7308 |
| 173101 | 3.3 | 3.2 | McAfee Advanced Threat Defense HTTP Request Parameter information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-7270 |
| 173100 | 3.5 | 3.4 | McAfee Advanced Threat Defense HTTP Request Parameter information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-7269 |
| 173099 | 5.5 | 5.3 | Adobe Digital Editions access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21100 |
| 173098 | 3.1 | 3.0 | Zulip Server Topic Moving API permission assignment | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-30487 |
| 173097 | 5.4 | 5.2 | Zulip Server all_public_streams API access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-30479 |
| 173096 | 4.9 | 4.7 | Zulip Server permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-30478 |
| 173095 | 4.9 | 4.7 | Zulip Server Webhook access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-30477 |
| 173094 | 6.3 | 6.0 | Jazzband Django Debug Toolbar SQL Panel sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-30459 |
| 173093 | 4.3 | 4.3 | Intelbras WIN 300/WRN 342 source code | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-3017 |
| 173092 | 6.3 | 6.0 | AjaxSearchPro Administration Panel deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-29654 |
| 173091 | 5.3 | 5.3 | Pi-hole privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-29449 |
| 173090 | 3.5 | 3.4 | Deark fmtutil.c divide by zero | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-28856 |
| 173089 | 4.5 | 4.3 | Deark deark-dbuf.c dbuf_write null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-28855 |
| 173088 | 7.8 | 7.5 | TIBCO Messaging Eclipse Mosquitto Distribution Installation access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-28826 |
| 173087 | 5.5 | 5.3 | TIBCO Messaging Eclipse Mosquitto Distribution Installation access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-28825 |
| 173086 | 3.5 | 3.4 | YubiHSM yubihsm-connector Endpoint infinite loop | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-28484 |
| 173085 | 4.7 | 4.5 | Devolutions Server/Server LTS delete sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-28157 |
| 173084 | 5.8 | 5.8 | Group Office URL Parameter upload.php server-side request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-28060 |
| 173083 | 6.3 | 6.0 | Devolutions Server/Server LTS HTML Page unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-28048 |
| 173082 | 6.3 | 6.3 | TOTOLINK X5000R/A720R HTTP Request os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-27710 |
| 173081 | 6.3 | 6.3 | TOTOLINK X5000R/A720R HTTP Request os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27708 |
| 173080 | 2.3 | 2.3 | Parallels Desktop Toolgate out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-27260 |
| 173079 | 7.8 | 7.8 | Parallels Desktop Toolgate integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-27259 |
| 173078 | 7.3 | 7.3 | SolarWinds Orion Platform SaveUserSetting Endpoint access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27258 |
| 173077 | 8.8 | 8.8 | Netgear Nighthawk R7800 apply_bind.cgi heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2021-27253 |
| 173076 | 8.8 | 8.8 | Netgear R7800 DHCP os command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-27252 |
| 173075 | 7.5 | 7.5 | Netgear Nighthawk R7800 Update cleartext transmission | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-27251 |
| 173074 | 4.3 | 4.3 | D-Link DAP-2020 CGI Script file inclusion | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-27250 |
| 173073 | 8.8 | 8.8 | D-Link DAP-2020 CGI Script os command injection | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-27249 |
| 173072 | 8.8 | 8.4 | D-Link DAP-2020 CGI Script stack-based overflow | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-27248 |
| 173071 | 4.3 | 4.3 | Tencent WeChat Desktop out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27247 |
| 173070 | 8.8 | 8.8 | TP-LINK Archer A7 AC1750 tdpServer Endpoint stack-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-27246 |
| 173069 | 6.3 | 6.0 | Alt-N MDaemon Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-27183 |
| 173068 | 4.9 | 4.7 | Alt-N MDaemon Worldclient injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-27182 |
| 173067 | 3.5 | 3.4 | Alt-N MDaemon cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-27181 |
| 173066 | 3.5 | 3.4 | Alt-N MDaemon Worldclient cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-27180 |
| 173065 | 3.7 | 3.6 | Atlassian JIRA Server/Data Center Cookie missing secure attribute | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-26076 |
| 173064 | 4.3 | 4.1 | Atlassian JIRA Server/Data Center Jira Importers Plugin information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-26075 |
| 173063 | 5.5 | 5.5 | Joomla! Module Layout Settings Privilege Escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2021-26031 |
| 173062 | 3.5 | 3.5 | Joomla! Error Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-26030 |
| 173061 | 3.5 | 3.4 | Atlassian JIRA Server/Data Center Issue Navigation/Search View cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-36288 |
