Archive 06/17/2021

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape, or the most important hotspots in a heterogeneous landscape.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Several forms and levels of remediation can be distinguished, and they influence risk differently.

Exploitability

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease exploit prices over time, and under certain circumstances this happens very fast.

ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | CTI | CVE
---|---|---|---|---|---|---|---|---|---
177211 | 4.3 | 4.3 | Fiyo CMS Parameter cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-35373
177210 | 3.5 | 3.2 | IPFire Captive Portal cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2020-19202
177209 | 5.6 | 5.4 | lutils Prototype merge code injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-23396
177208 | 3.5 | 3.4 | Wagtail Template Tag cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-32681
177207 | 6.3 | 5.7 | Elemin Themify Framework themify-ajax.php unrestricted upload | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2013-20002
177206 | 6.3 | 6.0 | IBM AIX Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-29706
177205 | 4.3 | 4.3 | Trend Micro InterScan Web Security Virtual Appliance Captive Portal cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-31521
177204 | 4.3 | 4.3 | Quassel x.509 Certificate cryptographic issues | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-34825
177203 | 5.3 | 5.1 | Intel Brand Verification Tool permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-0143
177202 | 5.5 | 5.5 | Open Design Alliance Drawings SDK DGN File out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-32952
177201 | 5.5 | 5.3 | Open Design Alliance Drawings SDK DXF File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-32950
177200 | 5.5 | 5.3 | Open Design Alliance Drawings SDK out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-32948
177199 | 5.5 | 5.5 | Open Design Alliance Drawings SDK DGN File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-32946
177198 | 5.5 | 5.3 | Open Design Alliance Drawings SDK DWG File Recovery out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-32940
177197 | 3.5 | 3.4 | Open Design Alliance Drawings SDK DWG File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-32938
177196 | 5.5 | 5.3 | Open Design Alliance Drawings SDK DXF File out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-32936
177195 | 6.3 | 6.3 | Octopus Server Events REST API sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-31818
177194 | 5.5 | 5.3 | Open Design Alliance Drawings SDK DGN use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-32944
177193 | 5.0 | 4.8 | ConnectWise Automate Core Agent Inventory Communication sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-32582
177192 | 3.5 | 3.4 | EIP Stack Group OpENer UDP out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-21777
177191 | 5.6 | 5.4 | PHPMailer validateAddress injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-3603
177190 | 3.5 | 3.4 | Linux Kernel personal-pci.c out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-32078
177189 | 6.3 | 6.3 | Monstra file inclusion | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25414
177188 | 3.5 | 3.5 | PageKit SVG File cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-32245
177187 | 5.3 | 5.1 | D-Link DIR-2640-US BSS Section out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-34201
177186 | 6.3 | 6.1 | D-Link DIR-2640-US PPPoE hard-coded password | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2021-34203
177185 | 4.3 | 4.1 | Matrix-Appservice-Bridge Room Upgrade missing authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-32659
177184 | 3.5 | 3.4 | Moodle cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-32244
177183 | 7.3 | 7.0 | Apollos Apps New User authentication bypass | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-32691
177182 | 3.7 | 3.6 | Helm information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-32690
177181 | 6.3 | 6.3 | FOGProject unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-32243
177180 | 7.3 | 7.3 | GE Reason RPV311 Firmware hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-31477
177179 | 6.3 | 6.3 | Foxit PhantomPDF XFA Template type confusion | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2021-31476
177178 | 3.1 | 3.1 | Enphase Envoy Custom PAM Module info.xml improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-25754
177177 | 3.1 | 3.1 | Enphase Envoy info.xml improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25753
177176 | 3.1 | 3.1 | Enphase Envoy Web-Panel info.xml unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-25752
177175 | 5.3 | 5.1 | D-Link AC2600 out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-34202
177174 | 4.3 | 4.1 | Matrix libolm olm_pk_decrypt stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-34813
177173 | 6.8 | 6.6 | D-Link DIR-2640-US Serial Port access control | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-34204
177172 | 6.3 | 6.3 | Enphase Envoy upgrade_start Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-25755
177171 | 6.3 | 6.1 | 74cms wap-company-show.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-22212
177170 | 6.3 | 6.1 | 74cms ajax_street.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-22211
177169 | 6.3 | 6.1 | 74cms ajax_officebuilding.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-22210
177168 | 6.3 | 6.1 | 74cms ajax_common.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-22209
177167 | 6.3 | 6.1 | 74cms ajax_street.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-22208
177166 | 6.3 | 6.1 | PHPCMS job.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-22203
177165 | 6.3 | 6.1 | Shopex EcShop affiliate_ck.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-22206
177164 | 6.3 | 6.1 | Shopex EcShop shophelp.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-22205
177163 | 6.3 | 5.7 | Shopex EcShop flow.php sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | CVE-2020-22204
177162 | 4.3 | 4.1 | Cisco AnyConnect Secure Mobility Client VPN Agent Service memory allocation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-1568