Cloud Software Vulnerabilities

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Vendor

Oracle: 576
Apple: 425
Not Defined: 390
OpenStack: 173
IBM: 151

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Apple iCloud: 424
ownCloud: 108
Nextcloud Server: 48
Oracle Communications Diameter Signaling Router: 44
Oracle Communications Policy Management: 40

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 1898
Temporary Fix: 0
Workaround: 14
Unavailable: 0
Not Defined: 556

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 30
Functional: 1
Proof-of-Concept: 61
Unproven: 54
Not Defined: 2322

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 20
Local: 252
Adjacent: 122
Network: 2074

When approaching a vulnerability, it becomes important to consider the expected access vector. This is typically via the network, local, or even physical.

Authentication

Not Defined: 0
High: 102
Low: 846
None: 1520

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 734
None: 1734

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 19
≤4: 158
≤5: 325
≤6: 487
≤7: 490
≤8: 632
≤9: 204
≤10: 153

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 27
≤4: 158
≤5: 374
≤6: 604
≤7: 457
≤8: 568
≤9: 150
≤10: 130

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0
≤2: 2
≤3: 43
≤4: 255
≤5: 362
≤6: 460
≤7: 666
≤8: 400
≤9: 124
≤10: 156

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0
≤2: 0
≤3: 4
≤4: 37
≤5: 92
≤6: 273
≤7: 261
≤8: 375
≤9: 424
≤10: 255

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 9
≤6: 15
≤7: 8
≤8: 15
≤9: 8
≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0
≤2: 0
≤3: 1
≤4: 8
≤5: 8
≤6: 42
≤7: 53
≤8: 87
≤9: 40
≤10: 70

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

There are sometimes also security researchers who provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k: 238
<2k: 363
<5k: 496
<10k: 435
<25k: 730
<50k: 109
<100k: 41
≥100k: 56

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k: 1482
<2k: 268
<5k: 433
<10k: 138
<25k: 112
<50k: 35
<100k: 0
≥100k: 0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (593): A-Member, A-Member for MT Cloud, A-Reserve, A-Reserve for MT Cloud, Adobe Creative Cloud, Adobe Creative Cloud Desktop, Adobe Creative Cloud Desktop Application, Akamai CloudTest, Alcatel-Lucent 8008 Cloud Edition Deskphone, Amazon AWS CloudFormation Bootstrap Tools, Amazon AWS CloudFront, Annex Cloud Loyalty Experience Platform, AnyShare Cloud, Apache CloudStack, Apache libcloud, Apache Libcloud, Apple iCloud, Apple iClouds, Arista CloudEOS, Arista CloudVision eXchange Server, Arista CloudVision Portal, Arista Cloud EOS VM vEOS, Arista EOS, asyncapi java-spring-cloud-stream-template, Axios Italia Axioscloud Sissiweb Registro Elettronico, Big Switch Big Cloud Fabric, Big Switch Big Monitoring Fabric, Big Switch Multi-Cloud Director, CA Cloud Service Management, CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP, Cdsincdesign Simple Dropbox Upload Form, Cisco Application Policy Infrastructure Controller, Cisco CloudCenter Orchestrator, Cisco Cloud Application Policy Infrastructure Controller, Cisco Cloud Portal, Cisco Cloud Services Platform 2100, Cisco Intercloud Fabric, Cisco Intercloud Fabric for Business, Cisco Intercloud Fabric for Providers, Cisco Nexus 1000V InterCloud for VMware, cloud-init, Cloud4Wi, cloudacl Safe Browser - The Web Filter, CloudAvid PParam, CloudBees Directory, CloudBees Enterprise, CloudBoot, CloudCTI HIP Integrator Recognition Configuration Tool, Cloudera CDH, Cloudera Data Engineering, Cloudera Data Science Workbench, Cloudera Hue, Cloudera HUE, Cloudera Key Trustee Server, Cloudera Manager, Cloudera Manager UI, Cloudera Navigator, Cloudera Navigator Key Trustee KMS, Cloudera Search, cloudflare-scrape, Cloudflare OctoRPKI, Cloudflare WARP, cloudflared, CloudForms, Cloudforms, CloudForms Management Engine, CloudMe, CloudNine Interactive Links Manager, Cloudron, Cloudtoken, CloudView NMS, CloudVision Portal, Cloudwords for Multilingual Module, cloudwu cstring, cloudwu PBC, Cloud Foundry, Cloud Foundry BOSH, 
Cloud Foundry BOSH Azure CPI, Cloud Foundry BOSH System Metrics Server, Cloud Foundry CAPI, Cloud Foundry CF Networking Release, Cloud Foundry Cloud Controller, Cloud Foundry Cloud Controller API, Cloud Foundry CredHub CLI, Cloud Foundry Diego, Cloud Foundry Foundation UAA, Cloud Foundry Garden-runC, Cloud Foundry Loggregator, Cloud Foundry Log Cache, Cloud Foundry NFS Volume Service, Cloud Foundry Runtime, Cloud Foundry SMB Volume, Cloud Foundry UAA, Cloud Foundry UAA Server, Cloud Foundry Bits Service, Cloud Foundry BOSH, Cloud Foundry BOSH CLI, Cloud Foundry cf-deployment, Cloud Foundry CLI, Cloud Foundry Cloud Controller, Cloud Foundry CredHub, Cloud Foundry Garden-runC, Cloud Foundry NFS Volume, Cloud Foundry Plugin, Cloud Foundry Routing, Cloud Foundry Silk CNI Plugin, Cloud Foundry Stratos, Cloud Foundry UAA, Cloud Media Popcorn A-200, Cloud Native Computing Foundation Harbor, Cloud Server, Cloud Statistics Plugin, CodeLathe FileCloud, Cool Tag Cloud Plugin, Creative Cloud Desktop Application, CTERA Cloud Storage OS, Cubettechnologies Cloud Manager, Daumcorp Daum Cloud, Dell EMC CloudLink, Dell EMC Integrated System for Microsoft Azure Stack Hub, Deskpro Cloud, Deskpro Cloud Platform, Deskpro On-Premise, DigitalCloudToken, Directory Cloud Station, Documentcloud karteek-docsplit, dropbox, Dropbox App, Dropbox Desktop App, Dropbox SDK, Dropbox Lepton, Elastic Cloud Enterprise, Elasticsearch Elastic Cloud Enterprise, Elastic Cloud Enterprise, Elastic Runtime, Electric Cloud ElectricCommander, EMC Cloud Tiering Appliance Software, EMC Cloud Tiering Appliance Virtual Edition, EMC Elastic Cloud Storage, Enghouse Cloud Contact Center Platform, F-Secure Cloud Protection For Salesforce, F-Secure Email, F-Secure Internet GateKeeper, F-Secure Server Security, F5 BIG-IQ Cloud, F5 Security, Fabasoft Cloud, Firebase Cloud Messaging + Advance Admin Panel, FusionSphere OpenStack, geniuscloud Smart Browser, Gocloud ISP3000, Gocloud S2A, Gocloud S2A_WL, Gocloud S3A, Gocloud 
S3A K2P MTK, Google Cloud Platform guest-oslogin, Google Cloud Messaging Notification Plugin, granita Cloud Browser, GroupSession byCloud, GroupSession Free Edition, GroupSession ZION, GroupSession byCloud, GroupSession Free Edition, GroupSession ZION, H3C H3Cloud OS, Hangzhou Xiongmai XMeye P2P Cloud Server, HP Helion Cloud Development Platform, HP MagCloud, HPE Cloudline CL3100 Gen10 Server, HPE Cloudline CL4100 Gen10 Server, HPE Cloudline CL5200 Gen9 Server, HPE Cloudline CL5800 Gen9 Server, HPE Cloudline CL5800 Gen10 Server, HPE Cloud Optimizer, HPE Helion OpenStack Glance, Huawei AC6005, Huawei AC6605, Huawei AR200, Huawei AR1200, Huawei AR3200, Huawei CloudEngine, Huawei CloudEngine8800, Huawei CloudEngine 1800V, Huawei CloudEngine 5800, Huawei CloudEngine 6800, Huawei CloudEngine 7800, Huawei CloudEngine 8800, Huawei CloudEngine 12800, Huawei CloudLink Phone 7900, Huawei CloudUSM-EUA, Huawei E600, Huawei FusionSphere OpenStack, Huawei MyCloud APP, Huawei Public Cloud Solution, Huawei S1700, Huawei S2300, Huawei S2700, Huawei S5300, Huawei S5700, Huawei S6300, Huawei S6700, Huawei S7700, Huawei S9300, Huawei S9700, Huawei S12700, Huawei Secospace USG6600, Huawei CloudEngine 7800, Ian Bezanson DropBox, IBM Aspera Cloud, IBM Cloudscape, IBM Cloud APM, IBM Cloud Application Performance Management, IBM Cloud App Management, IBM Cloud CLI, IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM Cloud Pak for Applications, IBM Cloud Pak for Data, IBM Cloud Pak for Multicloud Management, IBM Cloud Pak for Multicloud Management Monitoring, IBM Cloud Pak for Security, IBM Cloud Pak System, IBM Cloud Private, IBM Kenexa LCMS Premier on Cloud, IBM Kenexa LMS on Cloud, IBM MQ Advanced Cloud Pak, IBM Multi-Cloud Data Encryption, IBM Multicloud Manager, IBM SmartCloud Analytics, IBM SmartCloud Analytics Log Analysis, IBM SmartCloud Control Desk, IBM SmartCloud Provisioning, IBM Watson Developer Cloud, IBM Application Security on Cloud Plugin, ICloudCenter ICJobSite, 
ICloudCenter ICTimeAttendance, Intel Expressway Cloud Access 360, Intel Security CloudAV, Intel Unite Cloud Service Client, Intelbras NCLOUD 300, Ivanti EPM Cloud Services Appliance, Juniper Mist Cloud UI, Juniper Networks Contrail Cloud, Kaspersky Internet Security, Kaspersky Secure Connection, Kaspersky Security Cloud, Kaspersky Total Security, Lenovo Cloud Networking Operating System, LiveCRM SaaS Cloud Component, Maxthon Cloud Browser, McAfee Cloud Single Sign On, McAfee ePO Cloud, metago ASTRO File Manager with Cloud, Microsoft Azure Active Directory, Microsoft Azure Active Directory Connect, Microsoft Azure Active Directory Passport, Microsoft Azure AD Connect, Microsoft Azure App Service, Microsoft Azure Automation, Microsoft Azure Container Instance, Microsoft Azure CycleCloud, Microsoft Azure DevOps Server, Microsoft Azure Functions, Microsoft Azure IoT CLI Extension, Microsoft Azure IoT Edge, Microsoft Azure IoT SDK, Microsoft Azure Kubernetes Service, Microsoft Azure Linux Guest Agent, Microsoft Azure Migrate, Microsoft Azure Open Management Infrastructure, Microsoft Azure Pack Rollup, Microsoft Azure RTOS, Microsoft Azure SDK for Java, Microsoft Azure Service Fabric, Microsoft Azure Site Recovery, Microsoft Azure Sphere, Microsoft Azure Spring Cloud, Microsoft Azure SSH Keypairs, Microsoft Azure Stack, Microsoft Hub Device Client SDK for Azure IoT, Microsoft OneDrive, Mightymess SoundCloud Is Gold, Mitel MiCloud Management Portal, Musicloud, NAVER Cloud Explorer, NetApp Cloud Manager, NetEase NetEase CloudAlbum, Netgear Insight Cloud, Netsparker Cloud Scan Plugin, Nextcloud, NextCloud, Nextcloud App Extract, Nextcloud Circle, Nextcloud Circles, Nextcloud Contacts, Nextcloud Deck, Nextcloud Desktop Client, Nextcloud End-to-End Encryption, Nextcloud Lookup-Server, Nextcloud Mail, Nextcloud Mail Application, Nextcloud OfficeOnline, Nextcloud Preferred Providers App, Nextcloud Richdocuments, Nextcloud Server, Nextcloud Social, Nextcloud Social App, 
Nextcloud Talk, Nextcloud Text, NextCloud Mail, NextCloud Preferred Providers App, Nextcloud Server, NoMachine Cloud Server, Novell Cloud Manager, Novell SUSE Cloud, No Magic TeamworkCloud, Okacloud Domain Name Search , Okacloud Web Host, OnCommand Cloud Manager, OpenStack, openstack-cinder, openstack-ironic-inspector, openstack-mistral, openstack-neutron, openstack-tripleo-heat-templates, openstack-tripleo-image-elements, openstack-utils, OpenStack blazar-dashboard, OpenStack Ceilometer, OpenStack Cinder, OpenStack Compute, OpenStack Compute (Nova), OpenStack Dashboard, OpenStack Delivery Service, OpenStack Designate, OpenStack devstack, OpenStack Diablo, OpenStack Essex, OpenStack Folsom, OpenStack Glance, OpenStack Grizzly, OpenStack Havana, OpenStack Heat, OpenStack Horizon, OpenStack horizon, OpenStack icehouse, OpenStack Identity, OpenStack Image Registry, OpenStack Image Registry And Delivery Service, OpenStack Image Registry And Delivery Service (glance), OpenStack Image Service, OpenStack Ironic, OpenStack Ironic Inspector, OpenStack Keystone, OpenStack keystonemiddleware, OpenStack Keystone Folsom, OpenStack Manila, OpenStack Murano, openstack neutron, OpenStack Neutron, OpenStack Newton, OpenStack Nova, Openstack Nova, OpenStack Nova-LXD, OpenStack Object Storage, OpenStack Ocata, OpenStack OpenStack Keystone, OpenStack Orchestration, OpenStack os-vif, OpenStack Puppet Module for Gerrit, OpenStack PyCADF, OpenStack python-keystoneclient, OpenStack rabbitmq, OpenStack Swauth, OpenStack swift, OpenStack Swift, OpenStack Swift-on-File, OpenStack Trove, OpenStack Workflow, Openstack Cloud Plugin, OpenStack Compute, OpenStack Dashboard Package, Openstack Deployment, OpenStack Horizon, OpenStack Identity, OpenStack Keystone, OpenStack Magnum, OpenStack Mistral, OpenStack Neutron, OpenStack Nova, OpenStack Octavia, Oracle CloudForms Management Engine, Oracle Cloud Infrastructure Data Science Notebook Sessions, Oracle Cloud Infrastructure Storage Gateway, Oracle 
Cloud Services, Oracle Communications, Oracle Communications Analytics, Oracle Communications Application Session Controller, Oracle Communications ASAP, Oracle Communications ASAP Cartridges, Oracle Communications Billing, Oracle Communications Billing and Revenue Management, Oracle Communications BRM, Oracle Communications BRM - Elastic Charging Engine, Oracle Communications BRM Elastic Charging Engine, Oracle Communications Calendar Server, Oracle Communications Cloud Native Core Console, Oracle Communications Cloud Native Core Network Function Cloud Native Environment, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Policy, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Oracle Communications Cloud Native Core Service Communication Proxy, Oracle Communications Cloud Native Core Unified Data Repository, Oracle Communications Contacts Server, Oracle Communications Control Plane Monitor, Oracle Communications Converged Application Server, Oracle Communications Converged Application Server - Service Controller, Oracle Communications Converged Application Server Service Controller, Oracle Communications Convergence, Oracle Communications Convergent Charging Controller, Oracle Communications Core Session Manager, Oracle Communications Design Studio, Oracle Communications Diameter Signaling Router, Oracle Communications Diameter Signaling Router (DSR), Oracle Communications EAGLE Application Processor, Oracle Communications EAGLE FTP Table Base Retrieval, Oracle Communications EAGLE LNP Application Processor, Oracle Communications EAGLE Software, Oracle Communications Element Manager, Oracle Communications Evolved Communications Application Server, Oracle Communications Fraud Monitor, Oracle Communications Instant Messaging Server, Oracle Communications Interactive Session Recorder, Oracle Communications IP 
Service Activator, Oracle Communications LSMS, Oracle Communications Messaging Server, Oracle Communications MetaSolv Solution, Oracle Communications Network Charging, Oracle Communications Network Charging and Control, Oracle Communications Network Integrity, Oracle Communications Network Intelligence, Oracle Communications Offline Mediation Controller, Oracle Communications Online Mediation Controller, Oracle Communications Operations Monitor, Oracle Communications Order, Oracle Communications Performance Intelligence Center (PIC) Software, Oracle Communications Performance Intelligence Center Software, Oracle Communications Policy Management, Oracle Communications Pricing Design Center, Oracle Communications Security Gateway, Oracle Communications Services Gatekeeper, Oracle Communications Service Broker, Oracle Communications Service Broker Engineered System Edition, Oracle Communications Session Border Controller, Oracle Communications Session Report Manager, Oracle Communications Session Router, Oracle Communications Session Route Manager, Oracle Communications Subscriber-Aware Load Balancer, Oracle Communications Tekelec HLR Router, Oracle Communications Unified, Oracle Communications Unified Inventory Management, Oracle Communications Unified Session Manager, Oracle Communications User Data Repository, Oracle Communications WebRTC Session Controller, Oracle Control, Oracle Retail Insights Cloud Service Suite, Oracle Retail Order Broker Cloud Service, Oracle Retail Order Management System Cloud Service, Oracle Revenue Management, Oracle Right Now Service Cloud, Oracle Service Management, Oracle Storage Cloud Software Appliance, Oracle Cloud Infrastructure Compute Classic Plugin, OSIsoft PI Integrator for Business Analytics, OSIsoft PI Integrator for Microsoft Azure, OSIsoft PI Integrator for SAP HANA, ownCloud, ownCloud Desktop Client, ownCloud Server, ownCloud user_ldap, ownCloud Windows Client, ownCloud Client, ownCloud Desktop, ownCloud Server, Palo Alto 
Prisma Cloud Compute, Palo Alto VM Series Firewall for Microsoft Azure, pivotal-cf Spring Cloud SSO Connector, Pivotal Cloud Cache, Pivotal Cloud Foundry, Pivotal Cloud Foundry Elastic Runtime, Pivotal Cloud Foundry Ops Manager, Pivotal Cloud Foundry Runtime, Pivotal Cloud Foundry On Demand Services SDK, Polycom RealPresence CloudAXIS Suite, QNAP myQNAPcloud Connect, Quali CloudShell, Red Hat Cloudforms, Red Hat CloudForms, Red Hat CloudForms 2 Management Engine, Red Hat Cloudforms 3.0 Management Engine, Red Hat CloudForms 3.0 Management Engine, Red Hat CloudForms 3.1 Management Engine, Red Hat CloudForms Cloud Engine, Red Hat CloudForms Management Engine, Red Hat openstack, Red Hat OpenStack, Red Hat Openstack, Red Hat openstack-neutron, Red Hat openstack-octavia, Red Hat Openstack Enterprise, Red Hat Openstack Folsom, Red Hat OpenStack Platform, Red Hat OpenStack Platform Director, Red Hat QuickStart Cloud Installer, RiyaLab CloudISO, Samsung Cloud, SAP Cloud Connector, SAP Cloud Platform, SAP Commerce Cloud, SAP sap-cloud-sdk, SCORM Cloud Plugin, Seagate Personal Cloud, Skytap Cloud CI Plugin, SoftNAS Cloud, somcloud Somnote - Journal-Memo, Spring Cloud Netflix, Spring Cloud Config, Supra Smart Cloud TV, SuSE Openstack Cloud, SuSE OpenStack Cloud Crowbar, Synology Cloud Station, Synology Cloud Station Drive, Synology QTS, Synology QuTScloud, Synology QuTS Hero, Telekom Open Cloud SSO, Teradici Cloud Access Connector, Teradici Cloud Access Connector Legacy, TP-LINK Cloud Camera, Trove Barclamp, Umbraco Cloud, UniFi Cloud Key, VeloCloud Orchestrator, Veritas CloudPoint, VMware Carbon Black Cloud Workload Appliance, VMware Cloud Director, Vmware macOS Sensor for VMware Carbon Black Cloud, Vmware Spring Cloud Data Flow, VMware Spring Cloud Gateway, VMware Spring Cloud Netflix Zuul, VMware Spring Cloud OpenFeign, Vmware Spring Cloud Task, VMware vCloud Director, VMware vCloud Director for Service Providers, VMware vRealize Business for Cloud, wdc WD My Cloud, Webroot 
BrightCloud SDK, Western Digital DL2100, Western Digital DL4100, Western Digital EX2 Ultra, Western Digital EX2100, Western Digital EX4100, Western Digital ibi, Western Digital Mirror Gen2, Western Digital mycloud.com, Western Digital MyCloud NAS, Western Digital MyCloud PR4100, Western Digital My Cloud, Western Digital My Cloud Cloud, Western Digital My Cloud DL2100, Western Digital My Cloud DL4100, Western Digital My Cloud EX2 Ultra, Western Digital My Cloud EX2100, Western Digital My Cloud EX4100, Western Digital My Cloud Home, Western Digital My Cloud Mirror Gen2, Western Digital My Cloud NAS, Western Digital My Cloud OS, Western Digital My Cloud PR2100, Western Digital My Cloud PR4100, Western Digital PR2100, Western Digital PR4100, Western Digital WD My Cloud, Western Digital WD My Cloud Mirror, Ypsomed mylife Cloud, Ypsomed mylife Mobile Application, Zoho ManageEngine Cloud Security Plus, ZOOM Cloud Meetings, ZTE ZXCLOUD GoldenData VAP, ZTE ZXCLOUD iRAI, ZXCLOUD iRAI, ZyXEL CloudCNM SecuManager

Published | Base | Temp | Vulnerability | Prod | Exp | Rem | CTI | CVE
12/24/2021 | 2.4 | 2.4 | GroupSession Free Edition/byCloud/ZION path traversal | Free Edition/byCloud/ZION | Not Defined | Not Defined | 0.00 | CVE-2021-20876
12/24/2021 | 6.3 | 6.3 | GroupSession Free Edition/byCloud/ZION redirect | Free Edition/byCloud/ZION | Not Defined | Not Defined | 0.00 | CVE-2021-20875
12/24/2021 | 5.3 | 5.3 | GroupSession Free Edition/byCloud/ZION permission | Free Edition/byCloud/ZION | Not Defined | Not Defined | 0.00 | CVE-2021-20874
12/24/2021 | 6.3 | 6.0 | Apple iCloud null pointer dereference | iCloud | Not Defined | Official Fix | 0.06 | CVE-2018-4302
12/22/2021 | 4.3 | 4.2 | IBM Cloud Pak for Security HTTP Response information disclosure | Cloud Pak for Security | Not Defined | Official Fix | 0.15 | CVE-2021-39013
12/13/2021 | 3.5 | 3.4 | Huawei CloudEngine 7800 Binary Message Parser memory allocation | CloudEngine 12800/CloudEngine 5800/CloudEngine 6800/CloudEngine 7800 | Not Defined | Not Defined | 0.00 | CVE-2021-40008
12/09/2021 | 6.3 | 6.3 | Ivanti EPM Cloud Services Appliance code injection | EPM Cloud Services Appliance | Not Defined | Not Defined | 0.15 | CVE-2021-44529
12/08/2021 | 8.3 | 8.1 | NoMachine Cloud Server IOCTL buffer overflow | Cloud Server | Not Defined | Official Fix | 0.00 | CVE-2021-42980
12/08/2021 | 8.3 | 8.1 | Cloud Server IOCTL integer overflow | Cloud Server | Not Defined | Official Fix | 0.05 | CVE-2021-42979
11/24/2021 | 4.9 | 4.8 | Dell EMC CloudLink buffer overflow | CloudLink | Not Defined | Official Fix | 0.05 | CVE-2021-36333
11/24/2021 | 4.3 | 4.1 | Microsoft Azure Migrate information disclosure | Azure Migrate/Azure Site Recovery/Azure Active Directory/Azure Automation | Not Defined | Official Fix | 0.12 | CVE-2021-42306
11/24/2021 | 5.3 | 5.2 | Dell EMC CloudLink input validation | CloudLink | Not Defined | Official Fix | 0.09 | CVE-2021-36335
11/24/2021 | 4.4 | 4.4 | Dell EMC CloudLink cross site scripting | CloudLink | Not Defined | Official Fix | 0.00 | CVE-2021-36332
11/24/2021 | 6.7 | 6.5 | Dell EMC CloudLink Remote Code Execution | CloudLink | Not Defined | Official Fix | 0.00 | CVE-2021-36314
11/24/2021 | 8.1 | 8.0 | Dell EMC CloudLink hard-coded password | CloudLink | Not Defined | Official Fix | 0.00 | CVE-2021-36312
11/24/2021 | 5.3 | 5.2 | Dell EMC CloudLink csv injection | CloudLink | Not Defined | Official Fix | 0.00 | CVE-2021-36334
11/24/2021 | 7.8 | 7.7 | Dell EMC CloudLink injection | CloudLink | Not Defined | Official Fix | 0.04 | CVE-2021-36313
11/24/2021 | 7.0 | 6.9 | Adobe Creative Cloud Installation Setup.exe access control | Creative Cloud | Not Defined | Official Fix | 0.05 | CVE-2021-43019
11/23/2021 | 6.5 | 6.5 | Huawei CloudEngine 5800 access control | CloudEngine 5800 | Not Defined | Not Defined | 0.00 | CVE-2021-39976
11/19/2021 | 5.3 | 5.2 | Adobe Creative Cloud Desktop Installer temp file | Creative Cloud | Not Defined | Official Fix | 0.09 | CVE-2021-43017
11/18/2021 | 5.0 | 5.0 | Nextcloud Talk File cross site scripting | Talk | Not Defined | Official Fix | 0.00 | CVE-2021-39222
11/12/2021 | 3.1 | 3.1 | Cloudflare OctoRPKI Repository resource consumption | OctoRPKI | Not Defined | Not Defined | 0.05 | CVE-2021-3912
11/12/2021 | 3.1 | 3.1 | Cloudflare OctoRPKI Repository denial of service | OctoRPKI | Not Defined | Not Defined | 0.00 | CVE-2021-3911
11/12/2021 | 3.3 | 3.3 | Cloudflare OctoRPKI Repository denial of service | OctoRPKI | Not Defined | Not Defined | 0.00 | CVE-2021-3910
11/12/2021 | 3.3 | 3.3 | Cloudflare OctoRPKI HTTP Request resource consumption | OctoRPKI | Not Defined | Not Defined | 0.00 | CVE-2021-3909
11/12/2021 | 4.8 | 4.8 | Cloudflare OctoRPKI Certificate Chain resource consumption | OctoRPKI | Not Defined | Not Defined | 0.00 | CVE-2021-3908
11/12/2021 | 6.5 | 6.5 | Cloudflare OctoRPKI Cache Folder path traversal | OctoRPKI | Not Defined | Not Defined | 0.20 | CVE-2021-3907
11/09/2021 | 3.8 | 3.4 | Microsoft Azure RTOS information disclosure | Azure RTOS | Unproven | Official Fix | 0.04 | CVE-2021-42323
11/09/2021 | 5.7 | 5.0 | Microsoft Azure RTOS Local Privilege Escalation | Azure RTOS | Unproven | Official Fix | 0.12 | CVE-2021-42304
11/09/2021 | 5.7 | 5.0 | Microsoft Azure RTOS Local Privilege Escalation | Azure RTOS | Unproven | Official Fix | 0.05 | CVE-2021-42303
11/09/2021 | 5.7 | 5.0 | Microsoft Azure RTOS Local Privilege Escalation | Azure RTOS | Unproven | Official Fix | 0.00 | CVE-2021-42302
11/09/2021 | 3.3 | 2.9 | Microsoft Azure RTOS information disclosure | Azure RTOS | Unproven | Official Fix | 0.08 | CVE-2021-42301
11/09/2021 | 5.8 | 5.1 | Microsoft Azure Sphere Local Privilege Escalation | Azure Sphere | Unproven | Official Fix | 0.05 | CVE-2021-42300
11/09/2021 | 2.5 | 2.2 | Microsoft Azure Sphere information disclosure | Azure Sphere | Unproven | Official Fix | 0.05 | CVE-2021-41376
11/09/2021 | 3.5 | 3.1 | Microsoft Azure Sphere information disclosure | Azure Sphere | Unproven | Official Fix | 0.00 | CVE-2021-41375
11/09/2021 | 6.5 | 5.6 | Microsoft Azure Sphere information disclosure | Azure Sphere | Unproven | Official Fix | 0.05 | CVE-2021-41374
11/09/2021 | 2.7 | 2.4 | Microsoft Azure RTOS information disclosure | Azure RTOS | Unproven | Official Fix | 0.00 | CVE-2021-26444
11/08/2021 | 6.0 | 5.9 | VMware Spring Cloud Gateway Downstream Service authorization | Spring Cloud Gateway | Not Defined | Official Fix | 0.07 | CVE-2021-22051
11/08/2021 | 5.4 | 5.4 | Cloudera Manager Dashboard access control | Manager | Not Defined | Not Defined | 0.09 | CVE-2021-32483
11/08/2021 | 3.5 | 3.5 | Cloudera Manager Parameter cross site scripting | Manager | Not Defined | Not Defined | 0.09 | CVE-2021-32482
11/08/2021 | 4.8 | 4.8 | Cloudera Hue Parameter cross site scripting | Hue | Not Defined | Not Defined | 0.00 | CVE-2021-32481
11/08/2021 | 4.8 | 4.7 | Cloudera HUE cross site scripting | HUE | Not Defined | Not Defined | 0.13 | CVE-2021-29994
11/08/2021 | 3.5 | 3.5 | Cloudera Manager cross site scripting | Manager | Not Defined | Not Defined | 0.05 | CVE-2021-29243
11/08/2021 | 7.6 | 7.6 | Cloudera Manager access control | Manager | Not Defined | Not Defined | 0.00 | CVE-2021-30132
11/06/2021 | 4.8 | 4.7 | SAP sap-cloud-sdk information disclosure | sap-cloud-sdk | Not Defined | Official Fix | 0.05 | CVE-2021-41251
11/01/2021 | 4.4 | 4.4 | Cool Tag Cloud Plugin Shortcode cross site scripting | Cool Tag Cloud Plugin | Not Defined | Official Fix | 0.09 | CVE-2021-24682
10/29/2021 | 5.5 | 5.5 | VMware Spring Cloud OpenFeign RequestMapping information disclosure | Spring Cloud OpenFeign | Not Defined | Not Defined | 0.06 | CVE-2021-22044
10/28/2021 | 5.9 | 5.8 | Cloud Foundry Cloud Controller REST HTTP Request resource consumption | Cloud Controller | Not Defined | Official Fix | 0.00 | CVE-2021-22101
10/27/2021 | 6.4 | 6.4 | Huawei CloudEngine 7800 Packet use after free | CloudEngine 12800/CloudEngine 5800/CloudEngine 6800/CloudEngine 7800 | Not Defined | Not Defined | 0.00 | CVE-2021-37122
10/26/2021 | 5.1 | 5.1 | Nextcloud Contacts Application cross site scripting | Nextcloud | Not Defined | Official Fix | 0.07 | CVE-2021-39221

2418 more entries are not shown