Recent 07/21/2021

Timeline

Analyzing the timeline helps to decide how single vulnerabilities and vulnerability collections need to be approached and handled. The overview shows less important periods and more severe hotspots at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Type

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories shows which software types are affected most.

Product

Product | Entries
Oracle MySQL Server | 35
Oracle Database Server | 16
Oracle Outside In Technology | 11
Oracle PeopleSoft Enterprise PeopleTools | 9
Oracle Communications Pricing Design Center | 9

Grouping vulnerabilities by product gives an overview of the affected landscape. It shows whether that landscape is homogeneous or, if it is heterogeneous, where the most important hotspots are.

Remediation

Remediation | Entries
Official Fix | 382
Temporary Fix | 0
Workaround | 0
Unavailable | 0
Not Defined | 22

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Remediation comes in several forms and levels, which influence the risk differently: an official fix closes the issue, a temporary fix or workaround only reduces the exposure, and for some entries no remediation is available or none has been defined yet.

Exploitability

Exploitability | Entries
High | 0
Functional | 0
Proof-of-Concept | 3
Unproven | 0
Not Defined | 401

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of the available exploit (unproven, proof-of-concept, functional or high) indicates how simple and how powerful an attack is.

CVSSv3 Base

Base score (bin upper bound) | Entries
≤1 | 0
≤2 | 0
≤3 | 2
≤4 | 24
≤5 | 58
≤6 | 63
≤7 | 54
≤8 | 109
≤9 | 49
≤10 | 45

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Temporal score (bin upper bound) | Entries
≤1 | 0
≤2 | 0
≤3 | 4
≤4 | 23
≤5 | 59
≤6 | 75
≤7 | 59
≤8 | 120
≤9 | 21
≤10 | 43

CVSS temporal scores reflect the characteristics of a vulnerability that change over time but not across user environments: exploit code maturity, remediation level and report confidence. We also provide our meta score for temporal scores, even though other sources rarely publish them.
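The Exp and Rem columns of the entry table below carry the CVSS v3.1 temporal metric values (Exploit Code Maturity and Remediation Level), and the Temp column is the temporal score derived from the base score. The following added example, which is not VulDB code, implements the public CVSS v3.1 temporal formula and recomputes the Temp value of three rows from today's table; it also shows how a score falls into the ≤N bins of the two histograms above, reading the labels as ordered upper bounds. The page does not display a Report Confidence (RC) column, so RC is a parameter here, and the RC value that reproduces one row is an inference, not a value stated on the page.

```python
"""CVSS v3.1 temporal score, recomputed for rows of today's entry table.

Added example, not VulDB's own code. It implements the public CVSS v3.1
temporal formula, Temporal = Roundup(Base x E x RL x RC), with the metric
values spelled the way the Exp and Rem columns on this page spell them.
The page does not show a Report Confidence (RC) column, so RC is a
parameter here and any RC value used to reproduce a row is an assumption.
"""
from math import ceil, floor

# Exploit Code Maturity (E): the page's "Exp" column.
EXPLOIT_CODE_MATURITY = {
    "Not Defined": 1.00,
    "High": 1.00,
    "Functional": 0.97,
    "Proof-of-Concept": 0.94,
    "Unproven": 0.91,
}
# Remediation Level (RL): the page's "Rem" column.
REMEDIATION_LEVEL = {
    "Not Defined": 1.00,
    "Unavailable": 1.00,
    "Workaround": 0.97,
    "Temporary Fix": 0.96,
    "Official Fix": 0.95,
}
# Report Confidence (RC): not shown on the page.
REPORT_CONFIDENCE = {
    "Not Defined": 1.00,
    "Confirmed": 1.00,
    "Reasonable": 0.96,
    "Unknown": 0.92,
}


def roundup(value: float) -> float:
    """CVSS v3.1 Roundup: smallest number with one decimal that is >= value.
    Done on an integer scaled by 100000, as the specification does, so that
    floating point noise (e.g. 5.2249999...) cannot change the result."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (floor(int_input / 10000) + 1) / 10.0


def temporal_score(base: float, exp: str, rem: str, rc: str = "Not Defined") -> float:
    """Temporal = Roundup(Base x E x RL x RC); a base of 0 stays 0."""
    if base == 0.0:
        return 0.0
    return roundup(base
                   * EXPLOIT_CODE_MATURITY[exp]
                   * REMEDIATION_LEVEL[rem]
                   * REPORT_CONFIDENCE[rc])


def score_bin(score: float) -> str:
    """Label of the histogram bin the page uses for a score. Reading the
    labels as ordered upper bounds, '<=N' holds the scores in (N-1, N]."""
    return "\u2264%d" % max(1, ceil(score))


# (CVE, Base, Exp, Rem, Temp) copied from the entry table on this page.
PAGE_ROWS = [
    ("CVE-2021-33909", 8.8, "Proof-of-Concept", "Official Fix", 7.9),
    ("CVE-2021-21406", 5.5, "Not Defined", "Official Fix", 5.3),
    ("CVE-2021-37159", 5.5, "Not Defined", "Not Defined", 5.5),
]


def check_page_rows(rows=PAGE_ROWS, rc: str = "Confirmed") -> dict:
    """Recompute each row's temporal score and return {cve: (computed, shown)}.
    With RC=Confirmed (multiplier 1.0) all three rows reproduce exactly:
    8.8 x 0.94 x 0.95 = 7.8584 -> 7.9, 5.5 x 0.95 = 5.225 -> 5.3, 5.5 -> 5.5."""
    return {cve: (temporal_score(base, exp, rem, rc), shown)
            for cve, base, exp, rem, shown in rows}


def confidence_needed(base: float, shown_temp: float, exp: str, rem: str) -> list:
    """Which RC values would reproduce a shown temporal score. Example from
    the page: CVE-2020-21934 has base 4.3, Exp and Rem both Not Defined, yet
    temp 4.2. E and RL are 1.0 there, so only RC can lower the score; the
    answer is an inference about a column the page does not display."""
    return [rc for rc in REPORT_CONFIDENCE
            if temporal_score(base, exp, rem, rc) == shown_temp]


if __name__ == "__main__":
    for cve, (computed, shown) in check_page_rows().items():
        print(f"{cve}: computed {computed}, page shows {shown}, bin {score_bin(computed)}")
    print("CVE-2020-21934 4.3 -> 4.2 is consistent with RC in:",
          confidence_needed(4.3, 4.2, "Not Defined", "Not Defined"))
```

The integer-based Roundup matters in practice: a naive `math.ceil(x * 10) / 10` turns the exact product 5.225 (stored as 5.2249999...) into 5.3 only by luck and breaks on other inputs, which is why the specification defines the rounding on a scaled integer.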

Exploit 0-day

0-day price (USD) | Entries
<1k | 22
<2k | 11
<5k | 72
<10k | 81
<25k | 147
<50k | 23
<100k | 28
≥100k | 20

The moderation team works with the threat intelligence team to determine prices for exploits. Our algorithm estimates the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices observed on exploit markets.

Exploit Today

Today price (USD) | Entries
<1k | 147
<2k | 41
<5k | 99
<10k | 68
<25k | 16
<50k | 33
<100k | 0
≥100k | 0

The 0-day prices do not consider time-dependent factors. The today price reflects effects such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease exploit prices over time, under certain circumstances very quickly: the Linux kernel filesystem-layer entry in today's table (CVE-2021-33909), for which a proof-of-concept exploit and an official fix exist, is listed at $25k-$100k as a 0-day but only $0-$5k today.

Created | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE
10:52 PM | 3.5 | 3.4 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Maintenance Report information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-22728
10:51 PM | 3.5 | 3.4 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Maintenance Report information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-22728
10:50 PM | 3.5 | 3.4 | Schneider Electric EVlink City/EVlink Parking/EVlink Smart Wallbox Javascript information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-22721
10:49 PM | 5.5 | 5.3 | Combodo iTop Setup Wizard command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-21406
10:48 PM | 4.3 | 4.2 | Motorola CX2 Syslog improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-21934
10:48 PM | 3.5 | 3.4 | Motorola CX2 Log Tar Package information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-21933
10:47 PM | 4.3 | 4.1 | MikroTik RouterOS ipsec denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-20262
10:47 PM | 4.3 | 4.2 | MikroTik RouterOS igmp-proxy null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-20219
10:44 PM | 4.3 | 4.1 | Elasticsearch Error Report information exposure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-22145
10:43 PM | 4.3 | 4.3 | MV mConnect Logon Page information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2020-23283
10:41 PM | 6.5 | 6.2 | MikroTik RouterOS cerm resource consumption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-20221
10:41 PM | 5.0 | 4.8 | Teradici PCoIP Software Client OpenSSL untrusted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-25699
10:40 PM | 5.0 | 4.8 | Teradici PCoIP Standard Agent OpenSSL untrusted search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-25698
10:39 PM | 3.5 | 3.5 | Piwigo cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-22150
10:38 PM | 3.5 | 3.5 | Piwigo cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-22148
10:38 PM | 5.5 | 5.5 | Linux Kernel hso.c hso_free_net_device use after free | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-37159
10:37 PM | 4.3 | 4.2 | WooCommerce Stock Manager Plugin Nonce import-export.php cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2021-34619
08:39 PM | 5.5 | 5.3 | Hashicorp Terraform Enterprise API Request access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36230
08:38 PM | 5.3 | 5.1 | Pires go-proxyproto Proxy Protocol Header denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-23409
08:37 PM | 6.5 | 6.2 | systemd unit-name.c alloca allocation of resources | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-33910
08:36 PM | 5.0 | 4.8 | Gradle application/gradlew os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-32751
12:16 PM | 8.8 | 7.9 | Linux Kernel Filesystem Layer out-of-bounds write | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.13 | CVE-2021-33909
11:59 AM | 4.9 | 4.7 | NVIDIA Virtual GPU Manager vGPU null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-1103
11:59 AM | 6.5 | 6.2 | NVIDIA Virtual GPU Manager vGPU denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-1102
11:58 AM | 6.5 | 6.2 | NVIDIA Virtual GPU Manager vGPU null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-1101
11:58 AM | 4.4 | 4.2 | Trend Micro Apex One permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-32463
11:56 AM | 3.5 | 3.4 | Faraday Edge Network Name cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-27338
11:55 AM | 4.4 | 4.2 | Fortinet FortiAnalyzer/FortiManager CLI denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-24022
11:54 AM | 5.5 | 5.3 | Open vSwitch decode_NXAST_RAW_ENCAP use after free | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36980
11:54 AM | 5.5 | 5.3 | Unicorn Engine tb_flush_armeb out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-36979
11:53 AM | 5.5 | 5.3 | QPDF write heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-36978
11:51 AM | 5.5 | 5.3 | matio H5MM_memcpy heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-36977
11:50 AM | 5.5 | 5.3 | libarchive copy_string use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-36976
11:49 AM | 5.5 | 5.3 | Mojang Studios Minecraft Online Mode path traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-35054
11:47 AM | 5.5 | 5.5 | libsndfile WAV File msadpcm_decode_block heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-3246
11:46 AM | 4.7 | 4.5 | Fortinet FortiSandbox Sniffer Module os command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-22125
11:45 AM | 5.5 | 5.5 | Tobesoft XPlatform ActiveX input validation | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-7866
11:44 AM | 5.5 | 5.3 | Unicorn Engine helper_wfe_arm out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-36431
11:43 AM | 5.5 | 5.3 | libass Integer Data decode_chars heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-36430
11:43 AM | 5.5 | 5.3 | open62541 Variant_encodeJson out-of-bounds write | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-36429

364 more entries are not shown
