Archive 11/02/2021

Type »

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, i.e. its price before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today »

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, the existence of alternative exploits and the availability of countermeasures. These dynamic aspects tend to decrease exploit prices over time; under certain circumstances this happens very fast.

ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
185907 | 4.8 | 4.6 | ElkarBackup Add Client cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73 | CVE-2020-35249
185906 | 4.4 | 4.3 | DynPG cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73 | CVE-2020-27406
185905 | 5.0 | 4.8 | Siren Investigate Cluster certificate validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.78 | CVE-2021-36794
185904 | 3.5 | 3.4 | Couchbase Server information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.73 | CVE-2021-42763
185903 | 5.5 | 5.5 | Sonatype Nexus Repository Manager SSL Certificate access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.78 | CVE-2021-42568
185902 | 5.3 | 5.3 | Realtek RtsUpx USB Utility Driver RtsUpx.sys access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.78 | CVE-2021-36924
185901 | 4.3 | 4.1 | Couchbase Server metakv debug log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.78 | CVE-2021-37842
185900 | 5.5 | 5.3 | Nsasoft Product Key Explorer denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.59 | CVE-2021-27723
185899 | 5.5 | 5.3 | Nsasoft SpotAuditor denial of service | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.64 | CVE-2021-27722
185898 | 5.3 | 5.3 | Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.76 | CVE-2021-36923
185897 | 5.3 | 5.3 | Realtek RtsUpx USB Utility Driver USB Device RtsUpx.sys access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.66 | CVE-2021-36922
185896 | 5.3 | 5.3 | Realtek RtsUpx USB Utility Driver RtsUpx.sys denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.60 | CVE-2021-36925
185895 | 5.2 | 5.1 | vaadin-menu-bar cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.71 | CVE-2021-33611
185894 | 4.4 | 4.4 | IBM InfoSphere Information Server Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.60 | CVE-2021-29771
185893 | 5.9 | 5.7 | IBM InfoSphere Information Server Data Flow Designer server-side request forgery | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.50 | CVE-2021-29738
185892 | 4.8 | 4.7 | IBM InfoSphere Information Server information disclosure | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.88 | CVE-2021-29875
185891 | 5.7 | 5.6 | IBM InfoSphere Information Server Data Flow Designer Engine certificate validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.98 | CVE-2021-29737
185890 | 6.7 | 6.5 | IBM InfoSphere Information Server XML Data xml external entity reference | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.00 | CVE-2021-38948
185889 | 5.4 | 5.3 | IBM InfoSphere Information Server cross-site request forgery | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.46 | CVE-2021-29888
185888 | 8.5 | 8.5 | SourceCodester Phone Shop Sales Managements System improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.76 | CVE-2021-36560
185887 | 4.3 | 4.1 | Whale Browser Address Bar clickjacking | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55 | CVE-2021-33593
185886 | 5.3 | 5.2 | validator.js Regular Expression denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.64 | CVE-2021-3765
185885 | 6.9 | 6.8 | Publify Self-Registration improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.81 | CVE-2021-25973
185884 | 6.2 | 6.0 | Replicated Classic redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.74 | CVE-2021-43058
185883 | 4.8 | 4.7 | Atlassian JIRA Server/Data Center Associated Project AssociatedProjectsForCustomField.jspa cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 1.57 | CVE-2021-41310
185882 | 7.7 | 7.6 | DHIS 2 API Endpoint trackedEntityInstances sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.50 | CVE-2021-41187
185881 | 5.4 | 5.3 | McAfee Data Loss Prevention ePO Extension cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.95 | CVE-2021-31848
185880 | 4.5 | 4.4 | Kodi istream buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.76 | CVE-2021-42917
185879 | 6.5 | 6.4 | McAfee Data Loss Prevention ePO Extension sql injection | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.88 | CVE-2021-31849
185878 | 8.5 | 8.4 | Zoho ManageEngine ManageEngine Log360 Database Configuration access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.73 | CVE-2021-20136
185877 | 7.2 | 7.1 | Hashthemes Demo Importer Plugin uploads access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.70 | CVE-2021-39333
185876 | 7.6 | 7.6 | Millken DOYOCMS sysupload.php unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.65 | CVE-2021-26740
185875 | 8.0 | 8.0 | Millken DOYOCMS Parameter pay.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.70 | CVE-2021-26739
185874 | 5.2 | 5.1 | Social Networks Auto-Poster nxs_class_snap.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.70 | CVE-2021-38356
185873 | 3.6 | 3.6 | Notification Plugin Settings.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.82 | CVE-2021-39340
185872 | 6.2 | 6.2 | OptinMonster Plugin RestApi.php logged_in_or_has_api_key cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.16 | CVE-2021-39341
185871 | 3.6 | 3.5 | Google Maps Easy Plugin mgrEditMarkerGroup.php cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96 | CVE-2021-39346
