Archive 11/19/2021

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine which software types are affected most.

Product

MediaTek MT6873: 20
MediaTek MT6885: 20
MediaTek MT6889: 20
MediaTek MT6893: 19
MediaTek MT6877: 17

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to locate the most important hotspots in a heterogeneous landscape.

Remediation

Official Fix: 89
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 24

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, each of which influences risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 5
Unproven: 0
Not Defined: 108

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 13
≤5: 17
≤6: 25
≤7: 48
≤8: 9
≤9: 1
≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 2
≤4: 12
≤5: 17
≤6: 25
≤7: 52
≤8: 4
≤9: 1
≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 31
<2k: 22
<5k: 30
<10k: 19
<25k: 8
<50k: 0
<100k: 3
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 68
<2k: 19
<5k: 23
<10k: 0
<25k: 3
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time; under certain circumstances this happens very fast.

ID     | Base | Temp | Vulnerability                                                                 | 0day       | Today    | Exp              | Rem          | CTI  | CVE
-------|------|------|-------------------------------------------------------------------------------|------------|----------|------------------|--------------|------|---------------
187181 | 3.1  | 2.8  | Microsoft Edge unknown vulnerability                                          | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.05 | CVE-2021-42308
187180 | 4.2  | 3.8  | Microsoft Edge unknown vulnerability                                          | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.06 | CVE-2021-43221
187179 | 3.1  | 2.8  | Microsoft Edge unknown vulnerability                                          | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | CVE-2021-43220
187034 | 5.0  | 5.0  | kimai2 cross-site request forgery                                             | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-3976
187033 | 4.3  | 4.2  | kimai2 cross-site request forgery                                             | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | CVE-2021-3963
187032 | 4.1  | 4.1  | kimai2 cross-site request forgery                                             | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2021-3957
187031 | 6.1  | 6.1  | Team Password Manager Import cross-site request forgery                       | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | CVE-2021-44036
187030 | 5.5  | 5.0  | SAS Intrnet DS2CSF Macro file inclusion                                       | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined  | 0.00 | CVE-2021-41569
187029 | 4.5  | 4.5  | grav-plugin-admin Web Page Generation cross site scripting                    | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.07 | CVE-2021-3920
187028 | 5.6  | 5.6  | snipe-it Web Page Generation cross site scripting                             | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-3961
187027 | 6.5  | 6.4  | django-helpdesk Web Page Generation cross site scripting                      | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.08 | CVE-2021-3950
187026 | 5.5  | 5.3  | Team Password Manager password recovery                                       | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2021-44037
187025 | 6.3  | 6.1  | ImageMagick use after free                                                    | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | CVE-2021-3962
187024 | 3.5  | 3.4  | Greenplum Database log file                                                   | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2021-22030
187023 | 7.3  | 7.0  | Suricata TCP stack-based overflow                                             | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | CVE-2021-37592
187022 | 5.5  | 5.3  | Database path traversal                                                       | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-22028
187021 | 6.3  | 6.3  | Moddable OpenSource xsSymbol.c fxIDToString heap-based overflow               | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00 | CVE-2021-29326
187020 | 6.3  | 6.3  | Moddable OpenSource xsString.c fx_String_prototype_repeat heap-based overflow | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00 | CVE-2021-29325
187019 | 6.3  | 6.3  | Moddable OpenSource xsScript.c stack-based overflow                           | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.06 | CVE-2021-29324
187018 | 6.3  | 6.3  | Moddable OpenSource xsTree.c fxBinaryExpressionNodeDistribute stack-based overflow | $0-$5k | $0-$5k   | Not Defined      | Not Defined  | 0.00 | CVE-2021-29329
187017 | 6.3  | 6.3  | Moddable OpenSource xsDebug.c fxDebugThrow buffer overflow                    | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.05 | CVE-2021-29328
187016 | 6.3  | 6.3  | Moddable OpenSource xsDataView.c fx_ArrayBuffer heap-based overflow           | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.05 | CVE-2021-29327
187015 | 6.3  | 6.3  | Moddable OpenSource modwifi.c heap-based overflow                             | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.05 | CVE-2021-29323
187014 | 6.4  | 6.4  | Wireshark Bluetooth DHT Dissector recursion                                   | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.05 | CVE-2021-39929
187013 | 6.4  | 6.4  | Wireshark Bluetooth HCI_ISO Dissector buffer overflow                         | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | CVE-2021-39926
187012 | 6.4  | 6.4  | Wireshark Bluetooth SDP Dissector buffer overflow                             | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.04 | CVE-2021-39925
187011 | 6.4  | 6.4  | Wireshark Bluetooth DHT Dissector infinite loop                               | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.04 | CVE-2021-39924
187010 | 6.4  | 6.4  | Wireshark IPPUSB Dissector null pointer dereference                           | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00 | CVE-2021-39923
187009 | 6.4  | 6.4  | Wireshark C12.22 Dissector buffer overflow                                    | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | CVE-2021-39922
187008 | 6.4  | 6.4  | Wireshark Modbus Dissector denial of service                                  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | CVE-2021-39921
187007 | 6.8  | 6.6  | Vim use after free                                                            | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.06 | CVE-2021-3974
187006 | 6.8  | 6.6  | Vim heap-based overflow                                                       | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-3973
187005 | 6.7  | 6.6  | Vim heap-based overflow                                                       | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-3968
187004 | 7.3  | 7.0  | Asus GT-AX11000 request smuggling                                             | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2021-41436
187003 | 5.5  | 5.3  | VMware Spring Template code injection                                         | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.07 | CVE-2021-22053
187002 | 3.7  | 3.6  | Asus GT-AX11000 CAPTCHA excessive authentication                              | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | CVE-2021-41435
187001 | 3.8  | 3.7  | Adobe Audition File Parser out-of-bounds read                                 | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.04 | CVE-2021-36003
187000 | 6.8  | 6.8  | WPO365 LOGIN Plugin cross site scripting                                      | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.03 | CVE-2021-43409
186999 | 6.4  | 6.2  | Duplicate Post Plugin sql injection                                           | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.06 | CVE-2021-43408
186998 | 3.5  | 3.5  | Microsoft Clarity Configuration cross site scripting                          | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.04 | CVE-2021-33850

73 more entries are not shown
