Archive 12/21/2021

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Adobe Premiere Rush: 16
Fuji Electric V-Server Lite: 6
Fuji Electric Tellus Lite V-Simulator: 6
Adobe Dimension: 6
GPAC: 5

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 65
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 41

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 0
Unproven: 0
Not Defined: 106

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 25
≤5: 16
≤6: 20
≤7: 30
≤8: 11
≤9: 3
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 25
≤5: 16
≤6: 23
≤7: 29
≤8: 9
≤9: 3
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 28
<2k: 20
<5k: 36
<10k: 17
<25k: 5
<50k: 0
<100k: 0
≥100k: 0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 65
<2k: 28
<5k: 9
<10k: 2
<25k: 2
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0-day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 188867 | 3.5 | 3.5 | GPAC gf_get_bit_size infinite loop | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-45297 |
| 188866 | 5.5 | 5.3 | Open Design Alliance Drawings SDK TIF File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-44860 |
| 188865 | 5.5 | 5.3 | Open Design Alliance Drawings SDK TGA File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-44859 |
| 188864 | 5.5 | 5.3 | Open Design Alliance Drawings Explorer BMP File out-of-bounds read | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-44423 |
| 188863 | 5.5 | 5.3 | Open Design Alliance Drawings BMP File heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-44422 |
| 188862 | 4.3 | 4.3 | Gnuplot graph3d.c boundary3d divide by zero | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-44917 |
| 188861 | 3.8 | 3.7 | IBM Business Automation Workflow access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-38900 |
| 188860 | 4.8 | 4.7 | IBM Cloud Pak for Automation Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-38966 |
| 188859 | 4.9 | 4.9 | IBM Business Automation Workflow Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-38893 |
| 188858 | 3.5 | 3.5 | Wuzhi CMS System Bulletin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-19770 |
| 188857 | 7.2 | 7.2 | Dell PowerPath Management Appliance hard-coded key | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-43587 |
| 188856 | 4.4 | 4.4 | Dell Wyse Device Agent information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-36341 |
| 188855 | 3.5 | 3.5 | Binaryen visitLet denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-45293 |
| 188854 | 3.5 | 3.5 | GPAC MP4Box Command gf_isom_hint_rtp_read denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-45292 |
| 188853 | 3.5 | 3.5 | GPAC MP4Box Command gf_dump_setup denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2021-45291 |
| 188852 | 3.5 | 3.5 | Binaryen handle_unreachable denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-45290 |
| 188851 | 3.5 | 3.5 | GPAC denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-45289 |
| 188850 | 3.5 | 3.5 | GPAC MP4Box Command filedump.c double free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-45288 |
| 188849 | 5.5 | 5.5 | Dalmark Systeam BI Report Module sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-44874 |
| 188848 | 6.3 | 6.1 | Acclaim USAHERDS hard-coded credentials | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-44207 |
| 188847 | 5.1 | 5.1 | Dell Wyse Management Suite TLS inadequate encryption | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-36337 |
| 188846 | 8.5 | 8.5 | Dell Wyse Management Suite deserialization | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-36336 |
| 188845 | 4.7 | 4.7 | Dell EMC Avamar log file | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-36318 |
| 188844 | 7.3 | 7.2 | Marmind Web Application Cookie authentication bypass | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-27453 |
| 188843 | 6.4 | 6.3 | Mesa Labs AmegaView Passcode improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2021-27451 |
| 188842 | 5.5 | 5.5 | Dell EMC Avamar Server AvInstaller credentials storage | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-36317 |
| 188841 | 3.1 | 3.1 | Dalmark Systeam Message information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-44876 |
| 188840 | 3.1 | 3.1 | Dalmark Systeam Password Recovery Procedure information exposure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-44875 |
| 188839 | 7.0 | 6.8 | Cronos control flow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-43839 |
| 188838 | 6.6 | 6.6 | Dell EMC PowerScale OneFS improper authentication | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-36350 |
| 188837 | 9.3 | 9.2 | Mesa Labs AmegaView Web Server command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-27449 |
| 188836 | 8.6 | 8.5 | Mesa Labs AmegaView command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-27447 |
| 188835 | 6.5 | 6.4 | Mesa Labs AmegaView permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-27445 |
| 188834 | 6.3 | 6.3 | Dalmark Systeam API Endpoint access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-44877 |
| 188833 | 5.7 | 5.7 | Dell EMC Avamar Server AUI privileges management | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2021-36316 |
| 188832 | 3.5 | 3.4 | PrestaShop cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2012-20001 |
| 188831 | 5.5 | 5.5 | Stormshield Endpoint Security access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-45091 |
| 188830 | 5.5 | 5.3 | Stormshield Endpoint Security access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-45089 |
| 188829 | 6.3 | 6.0 | Stormshield Endpoint Security Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-45090 |
| 188828 | 4.5 | 4.4 | pimcore Web Page Generation cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-4139 |

66 more entries are not shown
