Archive 05/21/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

IDBaseTempVulnerability0dayTodayExpRemCTICVE
1754716.36.0Synology DiskStation Manager Netatalk heap-based overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-31439
1754709.89.8SolarWinds Network Performance Monitor deserialization$0-$5k$0-$5kNot DefinedOfficial Fix0.08CVE-2021-31474
1754696.36.3Foxit Reader browseForDoc out-of-bounds write$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-31473
1754686.36.3SolarWinds Orion Job Scheduler JobRouterService WCF Service permission assignment$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-31475
1754675.04.8Zope Module path traversal$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-32633
1754668.88.4Linux Kernel eBPF calculation$25k-$100k$5k-$25kNot DefinedOfficial Fix0.03CVE-2021-31440
1754653.83.8STMicroelectronics STM32L4 access control$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-29414
1754641.81.8Nordic Semiconductor nRF52840 Boot injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-27211
1754632.62.6STMicroelectronics STM32L4 RDP Level injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-27212
1754622.62.5SoloKeys Solo/Somu RDP Level initialization$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-27208
1754612.62.6ARM TrustZone CryptoCell 310 NordicSemiconductor nRF52840 information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2021-29415
1754602.62.6Nitrokey FIDO U2F Firmware cleartext transmission$0-$5k$0-$5kNot DefinedNot Defined0.02CVE-2020-12061
1754596.36.0QNAP QTS/QuTS Hero path traversal$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-28798
1754584.34.1Linaro Trusted Firmware-M Cryptographic Library abort memory leak$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-32032
1754573.53.2Plone CMS File Upload cross site scripting$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.03CVE-2021-3313
1754562.42.3Pajbot cross-site request forgery$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-32632
1754553.53.4Zoho ManageEngine ADSelfService Plus directory-search cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-27956
1754543.53.4OpenNMS Horizon/OpenNMS Meridian validateFormInput cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-25933
1754533.53.4OpenNMS Horizon/OpenNMS Meridian updateUser cross-site request forgery$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-25931
1754523.53.4OpenNMS Horizon/OpenNMS Meridian cross-site request forgery$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-25930
1754513.53.4OpenNMS Horizon/OpenNMS Meridian cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2021-25929
1754502.62.6DoraCMS random values$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-18220
1754494.34.1slapi-nis Binding DN null pointer dereference$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-3480
1754485.55.5libyang lys_node_free assertion$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-28905
1754473.53.5libyang lyxml_parse_mem denial of service$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-28903
1754464.94.9Emerson Rosemount X-STREAM Gas Analyzer Web Interface improper restriction of rendered ui layers$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-27467
1754453.53.5Emerson Rosemount X-STREAM Gas Analyzer Webpage cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-27465
1754445.55.5Emerson Rosemount X-STREAM Gas Analyzer Webserver path traversal$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-27461
1754435.55.5Emerson Rosemount X-STREAM Gas Analyzer Webserver unrestricted upload$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2021-27459
1754423.13.1Emerson Rosemount X-STREAM Gas Analyzer inadequate encryption$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-27457
1754415.55.5OPC Foundation OPC UA Client/Server SDK Bundle Recursion stack-based overflow$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-27434
1754405.55.3OPC Foundation UA .NET Standard/UA .NET Legacy Recursion stack-based overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-27432
1754396.36.0dns-packet buffer overflow$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2021-23386
1754382.62.6Huawei ManageOne Module denial of service$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2021-22409
1754373.53.5Huawei ManageOne Verification denial of service$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-22339
1754363.53.5Halo Post Publish cross site scripting$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-21345
1754352.62.5Bouncy Castle BC Java/BC C#/BC-FJA/BC-FNA EC Math Library timing discrepancy$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-15522
1754343.53.4Red Hat WildFly Domain Mode cross site scripting$0-$5k$0-$5kNot DefinedOfficial Fix0.02CVE-2021-3536
1754336.66.6homee Brain Cube USB Firmware Update Local Privilege Escalation$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-24395
1754323.53.5libyang read_yin_leaf denial of service$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-28906
1754313.53.5libyang ext_get_plugin denial of service$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2021-28904
1754303.53.5libyang read_yin_container denial of service$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-28902
1754294.34.3Emerson Rosemount X-STREAM Gas Analyzer Session Cookie information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-27463
1754282.62.6micro-ecc Library ECDSA information exposure$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-27209
1754274.34.3homee Brain Cube Firmware Image cleartext storage$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2020-24396
1754265.55.5HP LaserJet Software Driver buffer overflow$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2021-3438
1754256.36.3rxvt-unicode/rxvt/mrxvt/Eterm Escape injection$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2021-33477
1754244.34.3ownCloud API Endpoint information disclosure$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2021-29659
1754236.36.0Envoy HTTP2 Metadata assertion$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2021-29258
1754224.34.3Envoy TLS null pointer dereference$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2021-28683

Do you want to use VulDB in your project?

Use the official API to access entries easily!