Archive 08/12/2021

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

SapphireIMS | 11
Foxit Reader | 9
Foxit PhantomPDF | 9
NVIDIA Jetson Xavier NX | 9
NVIDIA Jetson AGX Xavier | 8

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix | 55
Temporary Fix | 0
Workaround | 0
Unavailable | 0
Not Defined | 45

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High | 0
Functional | 0
Proof-of-Concept | 0
Unproven | 0
Not Defined | 100

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1 | 0
≤2 | 7
≤3 | 2
≤4 | 20
≤5 | 20
≤6 | 25
≤7 | 14
≤8 | 12
≤9 | 0
≤10 | 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1 | 0
≤2 | 7
≤3 | 2
≤4 | 21
≤5 | 19
≤6 | 30
≤7 | 10
≤8 | 11
≤9 | 0
≤10 | 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k | 37
<2k | 32
<5k | 26
<10k | 3
<25k | 2
<50k | 0
<100k | 0
≥100k | 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k | 79
<2k | 16
<5k | 4
<10k | 0
<25k | 1
<50k | 0
<100k | 0
≥100k | 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
180721 | 3.5 | 3.5 | AikCms video_list.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-18464
180720 | 3.5 | 3.5 | 711cms cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-18460
180719 | 3.5 | 3.5 | DamiCMS cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-18458
180718 | 3.5 | 3.5 | bycms add.html cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-18457
180717 | 3.5 | 3.5 | PbootCMS Parameter SingleController.php mod cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-18456
180716 | 3.5 | 3.5 | bycms Parameter Document.php edit cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-18455
180715 | 3.5 | 3.5 | bycms 1.html cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-18454
180714 | 4.1 | 4.1 | DamiCMS Parameter LabelAction.class.php doadd cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-18451
180713 | 4.4 | 4.4 | yxcmf UKcms Single.php index cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-18449
180712 | 4.1 | 4.1 | yunucms Parameter ContentModel.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-18446
180711 | 4.8 | 4.8 | yunucms Page.php upurl cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-18445
180710 | 4.4 | 4.4 | yxcmf UKcms Comments Section 6.html cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-20977
180709 | 6.3 | 6.3 | FFmpeg mathematics.c assertion | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-38291
180708 | 3.5 | 3.5 | AikCms Video Messages video_list.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-18463
180707 | 5.5 | 5.5 | AikCms Background File Management Office poster_edit.php unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-18462
180706 | 6.3 | 6.3 | Gxlcms dataaction.class.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-20975
180705 | 3.5 | 3.4 | GNU C Library librt mq_notify.c null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-38604
180704 | 7.5 | 7.2 | IBM Maximo Asset Management csv injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-20509
180703 | 5.5 | 5.5 | EasyCorp ZenTao PMS downloadZipPackage unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-28165
180702 | 8.0 | 8.0 | Netskope Client Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-24576
180701 | 5.5 | 5.3 | Qt convertPath out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38593
180700 | 5.5 | 5.3 | Wasm3 op_Const64 heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2021-38592
180699 | 5.5 | 5.5 | LG Mobile Device Debug Command Privilege Escalation | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-38591
180698 | 5.0 | 4.8 | Next.js _error.js redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-37699
180697 | 6.3 | 6.0 | RCDCAP Packet memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-37222
180696 | 4.4 | 4.4 | Magicblack Maccms10 Background Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-21362
180695 | 5.5 | 5.3 | cPanel WHM Locale Upload xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38584
180694 | 5.5 | 5.3 | cPanel WHM Locale Upload deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38585
180693 | 6.3 | 6.1 | Canon TR150 Print Driver CNMurGE.dll uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-38085
180692 | 3.5 | 3.5 | SapphireIMS cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25562
180691 | 5.5 | 5.5 | NewsOne CMS unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-21976
180690 | 4.6 | 4.6 | Magicblack Maccms10 unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-21363
180689 | 5.5 | 5.5 | Magicblack Maccms10 Template Upload unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-21359
180688 | 5.5 | 5.5 | SapphireIMS resource injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-16630
180687 | 4.6 | 4.4 | cPanel fix-cpanel-perl unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38589
180686 | 3.5 | 3.4 | cPanel fix_cpanel_perl code download | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38588
180685 | 5.5 | 5.3 | cPanel fix-cpanel-perl temp file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38587
180684 | 8.0 | 7.7 | Foxit Reader/PhantomPDF Office Document out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-33793
180683 | 3.5 | 3.4 | GPAC Media_RewriteODFrame null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-32440
180682 | 5.5 | 5.3 | GPAC stbl_AppendSize buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-32439

60 more entries are not shown
