Recent 04/07/2021

Timeline

Analyzing the timeline helps to identify the required approach and handling for single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate immediate vulnerability response and to prioritize issues.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. Assigning these categories shows which software types are most affected.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 18:00 | 6.3 | 6.3 | GNU Chess PGN cmd.cc cmd_pgnreplay buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.36 | CVE-2021-30184 |
| 17:56 | 5.5 | 5.5 | GNOME file-roller Extraction fr-archive-libarchive.c pathname traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.47 | CVE-2020-36314 |
| 14:45 | 6.3 | 6.0 | PHP-Nuke User Registration sql injection | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.47 | CVE-2021-30177 |
| 14:44 | 7.3 | 7.1 | D-Link DSL-320B-D1 login.xgi buffer overflow | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.67 | CVE-2021-26709 |
| 13:54 | 5.5 | 5.5 | EikiSoft Archive Collectively Operation Utility ZIP Archive pathname traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-20692 |
| 13:53 | 3.5 | 3.5 | Yomi-Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2021-20691 |
| 13:52 | 3.5 | 3.5 | Yomi-Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-20690 |
| 13:51 | 3.5 | 3.5 | Yomi-Search cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2021-20689 |
| 13:51 | 3.5 | 3.5 | Click Ranker cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2021-20688 |
| 13:50 | 3.5 | 3.5 | Kagemai cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2021-20687 |
| 13:49 | 3.5 | 3.5 | Kagemai cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-20686 |
| 13:49 | 3.5 | 3.5 | Kagemai cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-20685 |
| 13:48 | 3.5 | 3.5 | MagazinegerZ cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | CVE-2021-20684 |
| 13:48 | 7.8 | 7.8 | Qualcomm Snapdragon Compute IO Control memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.89 | CVE-2021-1892 |
| 13:43 | 7.5 | 7.5 | Qualcomm Snapdragon Auto RTCP Packet denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2020-11255 |
| 13:43 | 1.9 | 1.9 | Qualcomm Snapdragon Auto TrustZone information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2020-11252 |
| 13:42 | 7.3 | 7.0 | Qualcomm Snapdragon Auto DTMF Payload out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-11251 |
| 13:41 | 6.3 | 6.3 | Qualcomm Snapdragon Auto out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10 | CVE-2020-11247 |
| 13:40 | 7.8 | 7.8 | Qualcomm Snapdragon Auto Suspend Mode double free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10 | CVE-2020-11246 |
| 13:40 | 7.8 | 7.8 | Qualcomm Snapdragon Auto NS EL2 access control | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11245 |
| 13:38 | 5.3 | 5.3 | Qualcomm Snapdragon Auto RRC denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.35 | CVE-2020-11243 |
| 13:38 | 7.8 | 7.8 | Qualcomm Snapdragon Industrial IOT/Snapdragon Mobile SDI Local Privilege Escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.20 | CVE-2020-11242 |
| 13:37 | 7.8 | 7.8 | Qualcomm Snapdragon Auto Histogram memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.40 | CVE-2020-11237 |
| 13:35 | 7.8 | 7.8 | Qualcomm Snapdragon Auto Dimensions memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-11236 |
| 13:34 | 7.8 | 7.8 | Qualcomm Snapdragon Auto Socket Event use after free | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.20 | CVE-2020-11234 |
| 13:31 | 6.7 | 6.7 | Qualcomm Snapdragon Compute Thread heap-based overflow | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-11231 |
| 13:29 | 7.8 | 7.8 | Qualcomm Snapdragon Connectivity RPM memory corruption | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.19 | CVE-2020-11210 |
| 13:28 | 7.3 | 7.3 | Qualcomm Snapdragon Auto SDP out-of-bounds read | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-11191 |
| 13:22 | 3.5 | 3.5 | Linux Kernel SynIC Hyper-V hyperv.c synic_get null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.46 | CVE-2021-30178 |
| 13:21 | 3.5 | 3.5 | DMA Softlab Radius Manager admin.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | CVE-2021-30147 |
| 13:20 | 5.5 | 5.5 | Linux Kernel KVM Subsystem kvm-s390.c unknown vulnerability | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15 | CVE-2020-36313 |
| 13:18 | 3.5 | 3.5 | Linux Kernel kvm_main.c kvm_io_bus_unregister_dev memory leak | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.31 | CVE-2020-36312 |
| 13:17 | 3.5 | 3.5 | Linux Kernel SEV VM sev.c denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25 | CVE-2020-36311 |
| 13:16 | 3.5 | 3.5 | Linux Kernel svm.c set_memory_region_test infinite loop | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.28 | CVE-2020-36310 |
| 08:15 | 5.5 | 5.5 | Proofpoint Insider Threat Management Server Web Console improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-27900 |
| 08:14 | 5.6 | 5.6 | Proofpoint Insider Threat Management Agents channel accessible | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-27899 |
| 08:13 | 3.5 | 3.5 | Teradici PCoIP Connection Manager and Security Gateway log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22 | CVE-2021-25692 |
| 08:12 | 5.5 | 5.5 | Proofpoint Insider Threat Management Server Web Console xml external entity reference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22 | CVE-2021-22158 |
| 08:05 | 3.5 | 3.5 | Proofpoint Insider Threat Management Server cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-22157 |
| 08:04 | 5.0 | 5.0 | projen Project Configuration Remote Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21423 |
| 08:03 | 3.5 | 3.5 | Syncthing Relay Messages denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-21404 |
| 08:01 | 5.5 | 5.5 | ngx_http_lua_module API unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-36309 |
| 08:00 | 5.5 | 5.5 | OpenIAM permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13422 |
| 07:59 | 5.5 | 5.5 | OpenIAM access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.47 | CVE-2020-13421 |
| 07:58 | 6.3 | 6.3 | OpenIAM Groovy Script Remote Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.51 | CVE-2020-13420 |
| 07:58 | 5.5 | 5.5 | OpenIAM Batch pathname traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-13419 |
| 07:58 | 3.5 | 3.5 | OpenIAM Add New User cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2020-13418 |
| 07:57 | 3.5 | 3.5 | Seafile Share of Library cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.27 | CVE-2021-30146 |
| 07:56 | 3.5 | 3.5 | LiquidFiles Send Email cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.76 | CVE-2021-30140 |
| 07:56 | 3.5 | 3.5 | phpseclib RSA PKCS#1 v1.5 Signature Verification signature verification | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-30130 |
