Updates March 2021

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

UpdatedBaseTempVulnerabilityChangeExpRemCTICVE
03/31/20216.36.0Apple Safari WebKit memory corruption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedOfficial Fix0.04CVE-2021-1844
03/31/20216.36.0Apple macOS WebKit memory corruption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedOfficial Fix0.18CVE-2021-1844
03/31/20216.36.0Apple watchOS WebKit memory corruption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedOfficial Fix0.41CVE-2021-1844
03/31/20216.36.0Apple iOS/iPadOS WebKit memory corruption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedOfficial Fix0.00CVE-2021-1844
03/31/20213.02.9F5 BIG-IQ REST services cross site scripting(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-23006
03/31/20213.53.4F5 BIG-IQ High Availability missing encryption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.04CVE-2021-23005
03/31/20215.55.3F5 BIG-IP TCP  Profile unknown vulnerability(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-23004
03/31/20213.53.4F5 BIG-IP TCP  Profile denial of service(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-23003
03/31/20213.53.4F5 BIG-IP APM/BIG-IP APM Clients VPN information disclosure(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.04CVE-2021-23002
03/31/20215.55.3F5 BIG-IP ASM iControl REST unrestricted upload(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-23001
03/31/20213.53.4F5 BIG-IP TMM denial of service(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.00CVE-2021-23000
03/31/20213.53.4F5 BIG-IP HTTP2 Profile resource consumption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.00CVE-2021-22999
03/31/20214.34.1F5 BIG-IP SNAT resource consumption(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.00CVE-2021-22998
03/31/20216.36.0F5 BIG-IP Advanced WAF/ASM TMUI Remote Privilege Escalation(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-22990
03/31/20216.36.0F5 BIG-IQ High Availability unknown vulnerability(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.21CVE-2021-22997
03/31/20213.53.4F5 BIG-IQ Data Collection denial of service(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined1.38CVE-2021-22996
03/31/20216.36.0F5 BIG-IQ High Availability unknown vulnerability(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.00CVE-2021-22995
03/31/20213.02.9F5 BIG-IP iControl REST cross site scripting(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.73CVE-2021-22994
03/31/20213.02.9F5 BIG-IP Advanced WAF/ASM TMUI cross site scripting(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined1.69CVE-2021-22993
03/31/20218.07.6F5 BIG-IP Advanced WAF/ASM TMUI unknown vulnerability(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-22989
03/31/20218.88.4F5 BIG-IP TMUI Remote Privilege Escalation(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-22988
03/31/20218.07.6F5 BIG-IP Advanced WAF/ASM Data Plane buffer overflow(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.06CVE-2021-22992
03/31/20218.07.6F5 BIG-IP Data Plane buffer overflow(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.05CVE-2021-22991
03/31/20218.88.4F5 BIG-IP TMUI Remote Privilege Escalation(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined1.22CVE-2021-22987
03/31/20219.89.4F5 BIG-IP/BIG-IQ iControl REST Remote Code Execution(4): source_cve_assigned, vulnerability_cvss2_vuldb_tempscore, vulnerability_cvss3_vuldb_tempscore, vulnerability_cvss3_meta_tempscoreNot DefinedNot Defined0.00CVE-2021-22986
03/31/20217.07.0Camunda Modeler IPC Message writeFile state issue(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.93CVE-2021-28154
03/31/20215.14.9GNOME GLib g_file_replace symlink(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.05CVE-2021-28153
03/31/20214.84.2Microsoft Windows modem.sys information disclosure(1): exploit_dateProof-of-ConceptOfficial Fix0.06CVE-2021-1699
03/31/20217.06.7MagicConnect Client untrusted search path(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.92CVE-2021-20674
03/31/20215.75.4Linux Kernel Floppy Disk Drive Controller Driver fd0 race condition(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix1.58CVE-2021-20261
03/31/20217.67.3JMS Client for RabbitMQ StreamMessage Data deserialization(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.08CVE-2020-36282
03/31/20216.56.2Dan Bloomberg Leptonica colorquant1.c pixFewColorsOctcubeQuantMixed heap-based overflow(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix1.12CVE-2020-36281
03/31/20216.56.2Dan Bloomberg Leptonica tiffio.c pixReadFromTiffStream heap-based overflow(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.09CVE-2020-36280
03/31/20216.56.2Dan Bloomberg Leptonica adaptmap_reg.c rasteropGeneralLow heap-based overflow(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.04CVE-2020-36279
03/31/20216.56.2Dan Bloomberg Leptonica ccbord.c findNextBorderPixel heap-based overflow(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.04CVE-2020-36278
03/31/20215.55.3Dan Bloomberg Leptonica pixconv.c pixConvert2To8 denial of service(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix1.60CVE-2020-36277
03/31/20216.16.1Quadbase EspressReports ES File Upload cross-site request forgery(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined1.60CVE-2020-24984
03/31/20216.56.5Quadbase EspressReports ES POST Request cross-site request forgery(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.04CVE-2020-24983
03/31/20217.67.6Wind River VxWorks DNS ipdnsc_decode_name stack-based overflow(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.41CVE-2016-20009
03/31/20218.08.0food-and-drink-menu Plugin fdm_cart Cookie class-cart-manager.php load_cart_from_cookie deserialization(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined1.36CVE-2020-29045
03/31/20215.05.0Bloomreach Experience Manager cross-site request forgery(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.04CVE-2020-14989
03/31/20215.55.5Bloomreach Experience Manager Login Page unrestricted upload(16): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.04CVE-2020-14988
03/31/20218.88.4D-Link DIR-3060 prog.cgi SetVirtualServerSettings command injection(16): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.04CVE-2021-28144
03/31/20218.08.0Progress Telerik UI for ASP.NET AJAX Telerik.Web.UI.WebResource.axd command injection(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined1.13CVE-2021-28141
03/31/20214.44.4ImpressCMS Profile content.php cross site scripting(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.00CVE-2021-28088
03/31/20214.44.4Batflat CMS Navigation cross site scripting(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.11CVE-2021-27679
03/31/20214.44.4Batflat CMS Snippets cross site scripting(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.05CVE-2021-27678
03/31/20214.44.4Batflat CMS Galleries cross site scripting(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined1.30CVE-2021-27677
03/31/20214.44.4CSZ CMS cross site scripting(18): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedNot Defined0.40CVE-2021-26776
03/31/20216.56.2Flatpak File Forwarding injection(19): vulnerability_cvss3_nvd_av, vulnerability_cvss3_nvd_ac, vulnerability_cvss3_nvd_pr, vulnerability_cvss3_nvd_ui, vulnerability_cvss3_nvd_s, vulnerability_cvss3_nvd_c, vulnerability_cvss3_nvd_i, vulnerability_cvss3_nvd_a, vulnerability_cvss2_nvd_av, vulnerability_cvss2_nvd_ac, vulnerability_cvss2_nvd_au, vulnerability_cvss2_nvd_ci, vulnerability_cvss2_nvd_ii, vulnerability_cvss2_nvd_ai, source_cve_cna, vulnerability_cvss3_meta_basescore, vulnerability_cvss3_meta_tempscore, vulnerability_cvss2_nvd_basescore, vulnerability_cvss3_nvd_basescoreNot DefinedOfficial Fix0.04CVE-2021-21381

Do you want to use VulDB in your project?

Use the official API to access entries easily!