CNA 2020

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVEs and disclose them. CVE is an international program to discover vulnerabilities which are then assigned and published to the CVE list. Partners coordinate such CVE entries to communicate consistent descriptions. Information technology and cybersecurity professionals all around the world use CVE records to ensure they are discussing the same issues, and to coordinate their efforts to prioritize and address these properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product

Artesãos SEOTools: 3
SevOne Network Management System: 3
GE Voluson S8: 3
GENI Portal: 2
Chris92de AdminServ: 2

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix: 52
Temporary Fix: 0
Workaround: 1
Unavailable: 6
Not Defined: 16

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These come in multiple forms and levels of remediation, which influence risks differently.

Exploitability

High: 1
Functional: 1
Proof-of-Concept: 21
Unproven: 0
Not Defined: 52

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0
Physical: 0
Local: 2
Adjacent: 25
Network: 48

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined: 0
High: 2
Low: 59
None: 14

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0
Required: 28
None: 47

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

VulDB

≤1: 0
≤2: 0
≤3: 2
≤4: 22
≤5: 10
≤6: 22
≤7: 14
≤8: 3
≤9: 2
≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

Exploit 0-day

<1k: 14
<2k: 56
<5k: 5
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

| ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA |
|---|---|---|---|---|---|---|---|---|---|
| 258612 | DiscuzX install_function.php show_next_step cross site scripting | VulDB | VulDB | | 03/29/2024 | 03/29/2024 | CVE-2020-36828 | | accepted |
| 257784 | AwesomestCode LiveBot parseMessage.js parseSend cross site scripting | VulDB | VulDB | | 03/23/2024 | 03/23/2024 | CVE-2020-36826 | | accepted |
| 257782 | cyberaz0r WebRAT api.php download_file unrestricted upload | VulDB | VulDB | | 03/23/2024 | 03/23/2024 | CVE-2020-36825 | | accepted |
| 246642 | rl-institut NESP2 database.py sql injection | VulDB | VulDB | | 12/02/2023 | 12/22/2023 | CVE-2020-36768 | | accepted |
| 234248 | ONS Digital RAS Collection Instrument comment.yml jobs os command injection | VulDB | VulDB | | 07/16/2023 | 08/06/2023 | CVE-2020-36762 | | accepted |
| 222233 | Artesãos SEOTools TwitterCards.php eachValue redirect | VulDB | VulDB | | 03/02/2023 | 03/30/2023 | CVE-2020-36665 | | accepted |
| 222232 | Artesãos SEOTools SEOMeta.php setTitle redirect | VulDB | VulDB | | 03/02/2023 | 03/30/2023 | CVE-2020-36664 | | accepted |
| 222231 | Artesãos SEOTools OpenGraph.php makeTag redirect | VulDB | VulDB | | 03/02/2023 | 03/30/2023 | CVE-2020-36663 | | accepted |
| 220642 | Kong lua-multipart multipart.lua is_header redos | VulDB | VulDB | | 02/11/2023 | 03/10/2023 | CVE-2020-36661 | | accepted |
| 220211 | paxswill EVE Ship Replacement Program User Information api.py information disclosure | VulDB | VulDB | | 02/05/2023 | 03/05/2023 | CVE-2020-36660 | | accepted |
| 218475 | GENI Portal sliceresource.php no_invocation_id_error cross site scripting | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2020-36654 | | accepted |
| 218474 | GENI Portal error-text.php cross site scripting | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2020-36653 | | accepted |
| 218461 | youngerheart nodeserver nodeserver.js path traversal | VulDB | VulDB | | 01/17/2023 | 02/09/2023 | CVE-2020-36651 | | accepted |
| 218019 | IonicaBizau node-gry command injection | VulDB | VulDB | | 01/11/2023 | 02/04/2023 | CVE-2020-36650 | | accepted |
| 218004 | mholt PapaParse papaparse.js redos | VulDB | VulDB | | 01/11/2023 | 02/01/2023 | CVE-2020-36649 | | accepted |
| 217641 | pouetnet pouet sql injection | VulDB | VulDB | | 01/08/2023 | 01/30/2023 | CVE-2020-36648 | | accepted |
| 217638 | YunoHost-Apps transmission_ynh nginx.conf path traversal | VulDB | VulDB | | 01/08/2023 | 01/30/2023 | CVE-2020-36647 | | accepted |
| 217629 | MediaArea ZenLib Ztring.cpp Date_From_Seconds_1970_Local unknown vulnerability | VulDB | VulDB | | 01/07/2023 | 01/30/2023 | CVE-2020-36646 | | accepted |
| 217623 | square squalor sql injection | VulDB | VulDB | | 01/07/2023 | 01/30/2023 | CVE-2020-36645 | | accepted |
| 217597 | jamesmartin Inline SVG URL Parameter helpers.rb cross site scripting | VulDB | VulDB | | 01/07/2023 | 01/29/2023 | CVE-2020-36644 | | accepted |
| 217563 | intgr uqm-wasm msgbox_macosx.m log_displayBox format string | VulDB | VulDB | | 01/06/2023 | 02/03/2023 | | | rejected |
| 217553 | trampgeek jobe LanguageTask.php run_in_sandbox command injection | VulDB | VulDB | | 01/06/2023 | 01/29/2023 | CVE-2020-36642 | | accepted |
| 217450 | gturri aXMLRPC ResponseParser.java ResponseParser xml external entity reference | VulDB | VulDB | | 01/05/2023 | 02/13/2024 | CVE-2020-36641 | | accepted |
| 217443 | bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2020-36640 | | accepted |
| 217354 | AlliedModders AMX Mod X Console Command adminvote.sma cmdVoteMap path traversal | VulDB | VulDB | | 01/04/2023 | 01/28/2023 | CVE-2020-36639 | | accepted |
| 217043 | Chris92de AdminServ adminserv.php cross site scripting | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2020-36638 | | accepted |
| 217042 | Chris92de AdminServ adminserv.php cross site scripting | VulDB | VulDB | | 12/30/2022 | 01/26/2023 | CVE-2020-36637 | | accepted |
| 216918 | OpenMRS Admin UI Module Account Setup AccountPageController.java sendErrorMessage cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2020-36636 | | accepted |
| 216915 | OpenMRS Appointment Scheduling Module AppointmentTypeValidator.java validateFieldName cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2020-36635 | | accepted |
| 216882 | Indeed Engineering util ViewExportedVariablesServlet.java appendTo cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2020-36634 | | accepted |
| 216879 | moodle-block_sitenews block_sitenews.php get_content cross-site request forgery | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2020-36633 | | accepted |
| 216777 | hughsk flat index.js unflatten prototype pollution | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2020-36632 | | accepted |
| 216772 | barronwaffles dwc_network_server_emulator gs_database.py update_profile sql injection | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2020-36631 | | accepted |
| 216771 | FreePBX cdr Cdr.class.php ajaxHandler sql injection | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2020-36630 | | accepted |
| 216748 | SimbCo httpster server.coffee fs.realpathSync path traversal | VulDB | VulDB | | 12/24/2022 | 01/24/2023 | CVE-2020-36629 | | accepted |
| 216747 | Calsign APDE ZIP File CopyBuildTask.java handleExtract path traversal | VulDB | VulDB | | 12/24/2022 | 01/24/2023 | CVE-2020-36628 | | accepted |
| 216745 | Macaron i18n i18n.go redirect | VulDB | VulDB | | 12/24/2022 | 01/24/2023 | CVE-2020-36627 | | accepted |
| 216738 | Modern Tribe Panel Builder Plugin SearchFilter.php add_post_content_filtered_to_search_sql sql injection | VulDB | VulDB | | 12/24/2022 | 01/24/2023 | CVE-2020-36626 | | accepted |
| 216521 | destiny.gg chat main.go websocket.Upgrader cross-site request forgery | VulDB | VulDB | | 12/22/2022 | 01/22/2023 | CVE-2020-36625 | | accepted |
| 216520 | ahorner text-helpers translation.rb reverse tabnabbing | VulDB | VulDB | | 12/22/2022 | 01/22/2023 | CVE-2020-36624 | | accepted |
| 216475 | Pengu index.js runApp cross-site request forgery | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2020-36623 | | accepted |
| 216473 | sah-comp bienlein cross-site request forgery | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2020-36622 | | accepted |
| 216470 | chedabob whatismyudid mobileconfig.js exports.enrollment cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2020-36621 | | accepted |
| 216466 | Brondahl EnumStringValues EnumExtensions.cs GetStringValuesWithPreferences_Uncache resource consumption | VulDB | VulDB | | 12/21/2022 | 01/21/2023 | CVE-2020-36620 | | accepted |
| 216269 | multimon-ng demod_flex.c add_ch format string | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2020-36619 | | accepted |
| 216252 | Furqan node-whois index.coffee prototype pollution | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2020-36618 | | accepted |
| 216205 | ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer [Disputed] | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2020-36617 | | accepted |
| 215116 | annyshow DuxCMS cross-site request forgery | VulDB | VulDB | | 12/08/2022 | 07/31/2023 | CVE-2020-36610 | | accepted |
| 215115 | annyshow DuxCMS Article edit cross site scripting | VulDB | VulDB | | 12/08/2022 | 07/31/2023 | CVE-2020-36609 | | accepted |
| 212816 | Tribal Systems Zenario CMS Error Log Module admin_organizer.js cross site scripting | VulDB | VulDB | | 11/02/2022 | 12/03/2022 | CVE-2020-36608 | | accepted |
| 164513 | Server Status HTTP Status/SMTP Status cross site scripting | VulDB | VulDB | | 11/08/2020 | 05/27/2022 | CVE-2020-36527 | | accepted |
| 164512 | Countdown Timer Macro cross site scripting | VulDB | VulDB | | 11/08/2020 | 05/27/2022 | CVE-2020-36526 | | accepted |
| 164511 | Linking New Windows Macro cross site scripting | VulDB | VulDB | | 11/08/2020 | 05/27/2022 | CVE-2020-36525 | | accepted |
| 164510 | Refined Toolkit UI-Image/UI-Button cross site scripting | VulDB | VulDB | | 11/08/2020 | 05/27/2022 | CVE-2020-36524 | | accepted |
| 164509 | PlantUML Database Information Macro cross site scripting | VulDB | VulDB | | 11/08/2020 | 05/27/2022 | CVE-2020-36523 | | accepted |
| 162264 | Platinum Mobile MobileHandler.ashx access control | VulDB | VulDB | | 10/04/2020 | 05/27/2022 | CVE-2020-36528 | | accepted |
| 162263 | SevOne Network Management System Device Manager Page injection | VulDB | VulDB | | 10/04/2020 | 06/03/2022 | CVE-2020-36531 | | accepted |
| 162262 | SevOne Network Management System Alert Summary sql injection | VulDB | VulDB | | 10/04/2020 | 06/03/2022 | CVE-2020-36530 | | accepted |
| 162261 | SevOne Network Management System Traceroute traceroute.php command injection | VulDB | VulDB | | 10/04/2020 | 06/03/2022 | CVE-2020-36529 | | accepted |
| 160763 | Klapp App JSON Web Token improper authentication | VulDB | VulDB | | 09/07/2020 | 06/03/2022 | CVE-2020-36533 | | accepted |
| 160762 | Klapp App Authorization Credentials information disclosure | VulDB | VulDB | | 09/07/2020 | 06/03/2022 | CVE-2020-36532 | | accepted |
| 160278 | easyii CMS out cross-site request forgery | VulDB | VulDB | | 08/26/2020 | 11/07/2022 | CVE-2020-36534 | | accepted |
| 159957 | MINMAX newsDia.php sql injection | VulDB | VulDB | 08/14/2020 | 08/17/2020 | 06/03/2022 | CVE-2020-36535 | 187 | accepted |
| 159956 | Brandbugle main.php sql injection | VulDB | VulDB | 08/14/2020 | 08/17/2020 | 06/03/2022 | CVE-2020-36536 | 186 | accepted |
| 159955 | Eatan CMS sql injection | VulDB | VulDB | 08/14/2020 | 08/17/2020 | 06/03/2022 | CVE-2020-36538 | 185 | accepted |
| 159954 | Everywhere CMS sql injection | VulDB | VulDB | 08/14/2020 | 08/17/2020 | 06/03/2022 | CVE-2020-36537 | 184 | accepted |
| 159953 | Lógico y Creativo sql injection | VulDB | VulDB | 08/14/2020 | 08/17/2020 | 06/03/2022 | CVE-2020-36539 | 183 | accepted |
| 159438 | Neetai Tech product.php sql injection | VulDB | VulDB | 07/08/2020 | 08/10/2020 | 06/03/2022 | CVE-2020-36540 | 179 | accepted |
| 159435 | Demokratian install3.php privileges management | VulDB | VulDB | | 08/10/2020 | 06/03/2022 | CVE-2020-36542 | | accepted |
| 159434 | Demokratian genera_select.php sql injection | VulDB | VulDB | 05/05/2020 | 08/10/2020 | 06/03/2022 | CVE-2020-36541 | 170 | accepted |
| 159430 | SialWeb CMS Search cross site scripting | VulDB | VulDB | | 08/10/2020 | 06/04/2022 | CVE-2020-36544 | | accepted |
| 159429 | SialWeb CMS about.php sql injection | VulDB | VulDB | 03/22/2020 | 08/10/2020 | 06/04/2022 | CVE-2020-36543 | 158 | accepted |
| 129835 | GE Voluson S8 Windows Operating System Patches privileges management | VulDB | VulDB | | 01/17/2019 | 07/01/2023 | CVE-2020-36549 | | accepted |
| 129834 | GE Voluson S8 Service Browser users.cgi improper authentication | VulDB | VulDB | | 01/17/2019 | 07/01/2023 | CVE-2020-36548 | | accepted |
| 129833 | GE Voluson S8 Service Browser hard-coded credentials | VulDB | VulDB | | 01/17/2019 | 07/01/2023 | CVE-2020-36547 | | accepted |
