Archive 04/21/2021

Type

Not Defined: 131
Database Software: 59
Cloud Software: 35
Enterprise Resource Planning Software: 26
Virtualization Software: 20

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Oracle MySQL Server: 43
Oracle VM VirtualBox: 20
Oracle iStore: 11
Oracle Database: 10
Oracle WebLogic Server: 10

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 391
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 0

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 2
Unproven: 0
Not Defined: 389

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 3
≤3: 6
≤4: 9
≤5: 46
≤6: 31
≤7: 65
≤8: 111
≤9: 86
≤10: 34

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 3
≤3: 6
≤4: 11
≤5: 44
≤6: 60
≤7: 72
≤8: 145
≤9: 24
≤10: 26

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 1
<2k: 2
<5k: 59
<10k: 96
<25k: 180
<50k: 18
<100k: 16
≥100k: 19

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 113
<2k: 48
<5k: 84
<10k: 108
<25k: 15
<50k: 23
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 173717 | 4.4 | 4.2 | Oracle VM VirtualBox Core denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-2312 |
| 173716 | 4.7 | 4.5 | Oracle VM VirtualBox Core information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-2291 |
| 173715 | 5.3 | 5.1 | Oracle VM VirtualBox Core information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2297 |
| 173714 | 5.3 | 5.1 | Oracle VM VirtualBox Core information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-2296 |
| 173713 | 6.0 | 5.7 | Oracle VM VirtualBox Core information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2266 |
| 173712 | 6.0 | 5.7 | Oracle VM VirtualBox Core information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-2306 |
| 173711 | 7.1 | 6.8 | Oracle VM VirtualBox Core information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2287 |
| 173710 | 7.1 | 6.8 | Oracle VM VirtualBox Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-2286 |
| 173709 | 7.1 | 6.8 | Oracle VM VirtualBox Core information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-2285 |
| 173708 | 7.1 | 6.8 | Oracle VM VirtualBox Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2284 |
| 173707 | 7.1 | 6.8 | Oracle VM VirtualBox Core information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2283 |
| 173706 | 7.1 | 6.8 | Oracle VM VirtualBox Core information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-2282 |
| 173705 | 7.1 | 6.8 | Oracle VM VirtualBox Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2281 |
| 173704 | 7.1 | 6.8 | Oracle VM VirtualBox Core information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2280 |
| 173703 | 7.4 | 7.1 | Oracle Secure Global Desktop OpenSSL certificate validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-3450 |
| 173702 | 7.5 | 7.2 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2310 |
| 173701 | 7.5 | 7.2 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-2145 |
| 173700 | 7.5 | 7.2 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2021-2309 |
| 173699 | 8.1 | 7.7 | Oracle VM VirtualBox Core Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2021-2279 |
| 173698 | 8.2 | 7.8 | Oracle VM VirtualBox Core Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2250 |
| 173697 | 8.4 | 8.0 | Oracle VM VirtualBox Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-2264 |
| 173696 | 9.6 | 9.2 | Oracle Secure Global Desktop Client Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2021-2221 |
| 173695 | 10.0 | 9.5 | Oracle Secure Global Desktop Server Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2021-2248 |
| 173694 | 10.0 | 9.5 | Oracle Secure Global Desktop Gateway Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.09 | CVE-2021-2177 |
| 173693 | 7.3 | 7.0 | Oracle Utilities Framework General deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-10086 |
| 173692 | 7.5 | 7.2 | Oracle Utilities Framework General xml external entity reference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-25649 |
| 173691 | 7.5 | 7.2 | Oracle Utilities Framework General unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2020-11979 |
| 173690 | 9.0 | 8.6 | Oracle Utilities Framework Security Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2020-28052 |
| 173689 | 9.8 | 9.4 | Oracle Utilities Framework General cross site scripting | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2019-17495 |
| 173688 | 1.8 | 1.8 | Oracle ZFS Storage Appliance Kit Installation unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-2147 |
| 173687 | 2.5 | 2.4 | Oracle ZFS Storage Appliance Kit Core unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2149 |
| 173686 | 6.1 | 5.8 | Oracle Solaris Kernel unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-2192 |
| 173685 | 7.8 | 7.5 | Oracle Solaris Common Desktop Environment Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-2167 |
| 173684 | 10.0 | 9.5 | Oracle ZFS Storage Appliance Kit Operating System Image privileges management | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2020-1472 |
| 173683 | 4.9 | 4.7 | Oracle OSS Support Tools Diagnostic Assistant information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-2303 |
| 173682 | 7.3 | 7.0 | Oracle Agile PLM Security deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-10086 |
| 173681 | 7.3 | 7.0 | Oracle Agile Product Lifecycle Management Integration Pack for SAP: Design to Release Core deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-10086 |
| 173680 | 7.3 | 7.0 | Oracle Agile Product Lifecycle Management Integration Pack for E-Business Suite Installer deserialization | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-10086 |
| 173679 | 9.1 | 8.7 | Oracle Advanced Supply Chain Planning Core unknown vulnerability | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.04 | CVE-2021-2253 |
| 173678 | 9.8 | 9.4 | Oracle Rapid Planning User interface Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00 | CVE-2019-2904 |
| 173677 | 4.1 | 3.9 | Oracle Storage Cloud Software Appliance Management Console information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2021-2257 |
| 173676 | 9.1 | 8.7 | Oracle Cloud Infrastructure Storage Gateway Management Console Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-2320 |
| 173675 | 9.1 | 8.7 | Oracle Cloud Infrastructure Storage Gateway Management Console Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2021-2319 |
| 173674 | 9.1 | 8.7 | Oracle Cloud Infrastructure Storage Gateway Management Console Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-2318 |
| 173673 | 10.0 | 9.5 | Oracle Storage Cloud Software Appliance Management Console Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.06 | CVE-2021-2256 |
| 173672 | 10.0 | 9.5 | Oracle Cloud Infrastructure Storage Gateway Management Console Remote Code Execution | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.05 | CVE-2021-2317 |
| 173671 | 3.7 | 3.6 | Oracle Siebel UI Framework EAI information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-9488 |
| 173670 | 6.1 | 5.8 | Oracle Siebel UI Framework UIF Open UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-11358 |
| 173669 | 6.1 | 5.8 | Oracle Siebel UI Framework UIF Open UI cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-7103 |
| 173668 | 6.1 | 5.8 | Oracle Siebel Apps Customizable Prod/Configurator cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-9281 |

341 more entries are not shown