Recent 01/14/2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Grouping vulnerabilities by product helps to get an overview. This makes it possible to recognize a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Remediation

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, each of which influences the risk differently.

Exploitability

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we observe on exploit markets.

Exploit Today

The 0-day price does not consider time-dependent factors. The today price does reflect price impacts such as the disclosure of vulnerability details, the availability of alternative exploits and the availability of countermeasures. These dynamic aspects tend to decrease the exploit price over time; under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 21:51 | 5.1 | 5.1 | Apache Tomcat NTFS File System File.getCanonicalPath information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-24122 |
| 21:50 | 7.3 | 7.3 | XMLBeans XML Parser xml external entity reference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2021-23926 |
| 21:49 | 3.9 | 3.9 | ZTE ZXV10 B860A Log information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21722 |
| 21:48 | 7.5 | 7.5 | acmailer/acmailer DB improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-20618 |
| 21:48 | 8.0 | 8.0 | acmailer/acmailer DB access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-20617 |
| 21:47 | 2.4 | 2.4 | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-6777 |
| 21:46 | 4.3 | 4.3 | Bosch PRAESIDEO/PRAESENSA Web-based Management Interface cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-6776 |
| 21:46 | 4.4 | 4.4 | SimplCommerce Bootbox.js html cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-29587 |
| 21:44 | 6.3 | 6.1 | Fortinet FortiWeb httpd stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-29019 |
| 21:43 | 7.5 | 7.5 | Fortinet FortiWeb format string | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-29018 |
| 21:43 | 7.5 | 7.5 | Fortinet FortiDeceptor Customization Page os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-29017 |
| 21:42 | 8.5 | 8.2 | Fortinet FortiWeb Request stack-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-29016 |
| 21:40 | 7.7 | 7.4 | Fortinet FortiWeb Authorization Header sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22 | CVE-2020-29015 |
| 21:39 | 6.2 | 5.9 | scullyio scully HTML Page JSON.stringify state issue | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-28470 |
| 21:37 | 4.5 | 4.5 | TOTOLINK A702R Directory Indexing information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2020-27368 |
| 21:34 | 4.4 | 4.4 | Skyworth GN542VF Configuration Page cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-26733 |
| 21:33 | 5.6 | 5.6 | Skyworth GN542VF Boa Session Cookie missing secure attribute | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-26732 |
| 13:40 | 7.2 | 7.2 | Open-iSCSI tcmu-runner tcmur_cmd_handler.c xcopy_locate_udev pathname traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-3139 |
| 13:39 | 6.9 | 6.9 | Discourse 2FA improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.18 | CVE-2021-3138 |
| 13:38 | 5.9 | 5.6 | 1C:Enterprise URL Parameter information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-3131 |
| 13:38 | 2.7 | 2.6 | Palo-Alto PAN-OS log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-3032 |
| 13:36 | 4.3 | 4.1 | Palo-Alto PAN OS Ethernet Packet information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-3031 |
| 13:35 | 7.6 | 7.3 | git-big-picture Branch Name input validation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-3028 |
| 13:34 | 5.5 | 5.3 | OWASP json-sanitizer JSON denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-23900 |
| 13:34 | 6.6 | 6.4 | OWASP json-sanitizer Script Tag cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-23899 |
| 13:33 | 4.5 | 4.5 | Bumblebee HP ALM Plugin Configuration File credentials storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21614 |
| 13:32 | 4.8 | 4.8 | TICS Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21613 |
| 13:32 | 4.5 | 4.5 | TraceTronic ECU-TEST Plugin Configuration File credentials storage | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21612 |
| 13:32 | 4.4 | 4.4 | Jenkins Display Name cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2021-21611 |
| 13:31 | 4.8 | 4.8 | Jenkins Markup cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21610 |
| 13:31 | 5.4 | 5.4 | Jenkins URL handler authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21609 |
| 13:30 | 4.4 | 4.4 | Jenkins cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21608 |
| 13:30 | 5.0 | 5.0 | Jenkins URL memory allocation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2021-21607 |
| 13:29 | 3.9 | 3.9 | Jenkins XML File information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21606 |
| 13:23 | 6.7 | 6.7 | Jenkins Agent config.xml permission | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21605 |
| 13:22 | 6.7 | 6.7 | Jenkins Old Data Monitor deserialization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21604 |
| 13:22 | 4.4 | 4.4 | Jenkins Notification Bar cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-21603 |
| 13:21 | 6.0 | 6.0 | Jenkins File Browser link following | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21602 |
| 13:20 | 6.4 | 6.1 | jQuery Validation Plugin resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21252 |
| 13:19 | 7.0 | 6.7 | Adobe Bridge TTF File out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21013 |
| 13:19 | 6.3 | 6.0 | Adobe Bridge TTF File out-of-bounds write | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21012 |
| 13:18 | 5.3 | 5.1 | Adobe Captivate 2019 uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21011 |
| 13:18 | 5.3 | 5.1 | Adobe InCopy uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21010 |
| 13:17 | 5.3 | 5.1 | Adobe Campaign Classic server-side request forgery | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21009 |
| 13:16 | 5.3 | 5.1 | Adobe Animate uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-21008 |
| 13:16 | 5.3 | 5.1 | Adobe Illustrator uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21007 |
| 13:15 | 6.3 | 6.0 | Adobe Photoshop Font File heap-based overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21006 |
| 12:43 | 7.2 | 7.0 | Cisco Small Business Web-based Management Interface stack-based overflow | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.04 | CVE-2021-1360 |
| 12:43 | 4.2 | 4.1 | Cisco WebEx Meetings/WebEx Meetings Server Host Key excessive authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-1311 |
| 12:42 | 5.5 | 5.3 | Cisco Webex Meetings Web-based Management Interface redirect | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-1310 |