Archive 01/14/2022

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories makes it possible to determine the most affected software types.

Product

Bentley View: 74
Cisco Security Manager: 13
Adobe AEM: 7
GPAC: 6
QNAP QVR Elite: 5

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape, or the most important hotspots in a heterogeneous landscape.

Remediation

Official Fix: 142
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 24

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, and each of them influences risk differently.

Exploitability

High: 1
Functional: 0
Proof-of-Concept: 1
Unproven: 0
Not Defined: 165

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 18
≤5: 15
≤6: 27
≤7: 19
≤8: 70
≤9: 16
≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 18
≤5: 15
≤6: 29
≤7: 19
≤8: 73
≤9: 11
≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 13
<2k: 40
<5k: 84
<10k: 25
<25k: 2
<50k: 3
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices observed on exploit markets.

Exploit Today

<1k: 139
<2k: 13
<5k: 10
<10k: 1
<25k: 4
<50k: 0
<100k: 0
≥100k: 0

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects can decrease the exploit price over time, and under certain circumstances this happens very fast.

ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
190462 | 7.3 | 7.1 | Dolibarr ERP SQL Command sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-0224
190461 | 7.3 | 7.0 | Imperva Web Application Firewall HTTP POST Request encoding error | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-45468
190460 | 5.5 | 5.3 | Ray-Ban Stories Device Software Video Capture access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-24046
190459 | 5.4 | 5.3 | Parity Frontier Debug Build integer underflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-21685
190458 | 6.4 | 6.3 | Marked Regular Expression resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-21681
190457 | 6.4 | 6.3 | marked Regular Expression resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-21680
190456 | 4.3 | 4.2 | Discourse Group Member information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-21677
190455 | 6.3 | 6.3 | NUUO NVRMini2 TAR Archive handle_import_user.php improper authentication | $0-$5k | $0-$5k | High | Official Fix | 0.06 | CVE-2022-23227
190454 | 4.2 | 4.1 | IBM Sterling Gentran:Server log file | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-39032
190453 | 8.0 | 7.8 | October CMS Theme Import injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-32650
190452 | 8.0 | 7.8 | October CMS Twig Code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-32649
190451 | 6.5 | 6.4 | vim heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-0213
190450 | 7.0 | 6.9 | TeamViewer TVS File Parser out-of-bounds | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-34858
190449 | 7.3 | 7.2 | Bentley View JT File Parser out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-34873
190448 | 7.3 | 7.2 | Bentley View JT File Parser use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-34922
190447 | 3.6 | 3.6 | Bentley View JP2 File Parser use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-34884
190446 | 4.6 | 4.5 | livehelperchat cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2022-0231
190445 | 5.2 | 5.1 | AlCoda NetBiblio WebOPAC Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-42551
190444 | 5.5 | 5.5 | China Mobile An Lianbao WF-1 Web Interface pop_usb_device os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-33962
190443 | 6.1 | 6.0 | parsec default permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-36781
190442 | 6.2 | 6.1 | Adobe AEM Form Field cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-44177
190441 | 6.2 | 6.1 | Adobe AEM Form Field cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-44176
190440 | 6.2 | 6.1 | Adobe AEM Form Field cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-43765
190439 | 5.6 | 5.6 | Adobe AEM Form Field cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-43764
190438 | 5.7 | 5.7 | Adobe AEM Form Field cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-43761
190437 | 6.4 | 6.3 | Asus RT-AX56U URL Parameter path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-22054
190436 | 4.6 | 4.6 | eyouCMS denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-46255
190435 | 7.9 | 7.9 | Panda Free Antivirus Named Pipe unnecessary privileges | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2021-34998
190434 | 4.3 | 4.2 | Reprise License Manager activate_process cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-45422
190433 | 6.3 | 6.1 | Snipe-IT access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-0178
190432 | 7.0 | 6.9 | Western Digital My Cloud OS DNS os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-22991
190431 | 7.1 | 7.0 | Western Digital My Cloud OS FTP Service issues.c stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-22989
190430 | 5.3 | 5.2 | Adobe AEM URL cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-44178
190429 | 6.5 | 6.3 | Adobe AEM Dispatcher input validation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-43762
190428 | 7.5 | 7.5 | Netgear R7000 SOAP Request authentication bypass | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-34977
190427 | 5.5 | 5.5 | Dahua IP Camera/PTZ Dome Camera password recovery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-33046
190426 | 5.5 | 5.5 | jpress doUploadAndInstall Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-45807
190425 | 4.5 | 4.4 | GPAC MP4Box hint_track.c gf_isom_get_payt_count null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-40576
190424 | 4.5 | 4.4 | GPAC MP4Box reframe_mpgvid.c mpgviddmx_process null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-40575
190423 | 4.5 | 4.4 | GPAC MP4Box list.c gf_list_del denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-40573
190422 | 4.5 | 4.4 | GPAC MP4Box reframe_av1.c av1dmx_finalize denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-40572
190421 | 8.5 | 8.5 | Adobe AEM Forms Cloud Service xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-40722
190420 | 8.1 | 7.9 | QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-38692
190419 | 8.1 | 7.9 | QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-38691
190418 | 8.1 | 7.9 | QNAP QVR Elite/QVR Pro/QVR Guard stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-38690
190417 | 8.1 | 7.9 | QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-38689
190416 | 8.1 | 7.9 | QNAP QVR Elite/QVR Pro/QVR Guard buffer overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38682
190415 | 5.7 | 5.6 | QNAP QcalAgent redirect | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2021-38678
190414 | 4.2 | 4.1 | QNAP QcalAgent cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-38677
190413 | 3.5 | 3.5 | GPAC gf_list_last denial of service | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-45760

117 more entries are not shown