Archive 05/07/2021

Type »

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories helps to illustrate which software types are affected most.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape, or the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and they influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal ("temp") scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease the exploit price over time; under certain circumstances this happens very fast.

ID | CVSSv3 Base | CVSSv3 Temp | Title | Exploit 0-day | Exploit Today | Exploitability | Remediation | (unlabeled) | CVE
---|---|---|---|---|---|---|---|---|---
174714 | 5.6 | 5.4 | Nim Standard Library certificate validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-29495
174713 | 5.5 | 5.5 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK MCU API integer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-22677
174712 | 6.3 | 6.3 | IBM Robotic Process Automation with Automation Anywhere Remote Code Execution | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-4901
174711 | 4.3 | 4.1 | Advantech WISE-PaaS RMM WISE-PaaS Dashboard improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-27437
174710 | 6.3 | 6.0 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK Over-the-Air Firmware Update stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-22673
174709 | 7.3 | 7.0 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK Domain Name integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-22671
174708 | 5.4 | 5.2 | SABnzbd PAR2 File filesystem.renamer path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-29488
174707 | 5.3 | 5.1 | Eventlet Compressed Data resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-21419
174706 | 3.3 | 3.3 | Avahi Hostname Resolution avahi_s_host_name_resolver_start null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-3502
174705 | 3.5 | 3.4 | LivingLogic XIST4C Login login.htm cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-26123
174704 | 3.5 | 3.4 | LivingLogic XIST4C Feedback feedback.htm cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-26122
174703 | 7.3 | 7.0 | Proofpoint Enterprise Protection Email Message PoD Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-14009
174702 | 6.3 | 6.0 | Texas Instruments SimpleLink Wi-Fi MSP432E4 SDK HTTP Header integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-22679
174701 | 7.2 | 6.9 | Texas Instruments SimpleLink Wi-Fi CC3100 Over-the-Air Firmware Update File integer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-22675
174700 | 6.3 | 6.0 | VMware vRealize Business for Cloud Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-21984
174699 | 6.3 | 6.3 | PAX Technology PAXSTORE XML Data xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-36124
174698 | 3.5 | 3.4 | Junhe Omnidirectional Communication System Picture Preview Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-30172
174697 | 3.5 | 3.4 | Junhe ERP POS News Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-30171
174696 | 3.5 | 3.4 | Junhe ERP POS Customer Profile Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-30170
174695 | 6.3 | 6.0 | Junhe Omnidirectional Communication System path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-30173
174694 | 3.7 | 3.7 | PAX Technology PAXSTORE Session Token information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-36128
174693 | 3.5 | 3.5 | PAX Technology PAXSTORE PUK Signature information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-36127
174692 | 6.3 | 6.3 | PAX Technology PAXSTORE Marketplace Endpoint access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-36126
174691 | 6.3 | 6.3 | PAX Technology PAXSTORE Endpoint access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-36125
174690 | 3.5 | 3.5 | StackLift LocalStack cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-32091
174689 | 5.5 | 5.5 | StackLift LocalStack Dashboard os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-32090
174688 | 5.5 | 5.3 | Atlassian Confluence Server Team Calendar server-side request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-29445
174687 | 3.5 | 3.4 | Atlassian Confluence Server Team Calendar cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-29444
174686 | 3.5 | 3.5 | NSA Emissary ConfigFileAction information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-32093
174685 | 3.5 | 3.5 | NSA Emissary cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-32092
174684 | 3.5 | 3.4 | HashiCorp vault-action GitHub Action log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-32074
174683 | 7.8 | 7.5 | Qualcomm Snapdragon Auto FastRPC Driver use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-1927
174682 | 7.5 | 7.2 | Qualcomm Snapdragon Auto Group Management Action Frame denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-1925
174681 | 7.8 | 7.5 | Qualcomm Snapdragon Auto NDP Application Information buffer overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-1915
174680 | 7.3 | 7.0 | Qualcomm Snapdragon Auto double free | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2021-1910
174679 | 5.5 | 5.3 | Qualcomm Snapdragon Auto GPU Address allocation of resources | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-1906
174678 | 7.8 | 7.5 | Qualcomm Snapdragon Auto Memory Mapping use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-1905
174677 | 6.8 | 6.5 | Qualcomm Snapdragon Consumer IOT Image Flashing integer overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-1895
174676 | 7.8 | 7.5 | Qualcomm Snapdragon Auto Audio Driver use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-1891
174675 | 7.8 | 7.5 | Qualcomm Snapdragon Auto Camera use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11295
174674 | 5.3 | 5.1 | Qualcomm Snapdragon Auto Logging out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-11294
174673 | 4.2 | 4.0 | Qualcomm Snapdragon Auto Widevine TA out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-11293
174672 | 7.8 | 7.5 | Qualcomm Snapdragon Auto TZ Command out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-11289
174671 | 7.8 | 7.5 | Qualcomm Snapdragon Auto Playready out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-11288
174670 | 7.3 | 7.0 | Qualcomm Snapdragon Auto RTCP Packet buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2020-11285
174669 | 5.3 | 5.1 | Qualcomm Snapdragon Auto SDES Packet memory corruption | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-11279
174668 | 7.5 | 7.2 | Qualcomm Snapdragon Auto Modem denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-11274
174667 | 6.5 | 6.2 | Qualcomm Snapdragon Auto Histogram null pointer dereference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11273
174666 | 5.3 | 5.1 | Qualcomm Snapdragon Auto/Snapdragon Mobile SIB1 denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-11268
174665 | 5.5 | 5.3 | Qualcomm Snapdragon Auto CTX Pointer memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-11254
