CNA 2021

VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and an Authorized Data Publisher (ADP) for the NIST NVD. We are authorized to handle new vulnerability submissions, assign unique CVE IDs and disclose them. CVE is an international program that identifies, defines and catalogs publicly disclosed vulnerabilities; each one receives a CVE record that is published to the CVE List. Partners coordinate such CVE records so that they carry consistent descriptions. Information technology and cybersecurity professionals around the world use CVE records to make sure they are discussing the same issue, and to coordinate their efforts to prioritize and address it properly.

Vendor

Identifying all affected vendors is a good starting point for an overview. It shows whether the landscape is homogeneous or, in a heterogeneous landscape, where the most important hotspots are.

Product

ctrlo lenio: 5
slackero phpwcms: 2
OpenMRS Admin UI Module: 2
OpenMRS openmrs-module-referenceapplication: 2
studygolang: 2

Grouping vulnerabilities by product helps to get an overview. It shows whether the landscape is homogeneous or, in a heterogeneous landscape, where the most important hotspots are.

Remediation

Official Fix: 85
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 5

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These countermeasures come in several forms and levels of remediation, and each level influences the remaining risk differently.

Exploitability

High: 0
Functional: 0
Proof-of-Concept: 18
Unproven: 0
Not Defined: 73

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of the available exploit code indicate how simple and how reliable an attack is.

Access Vector

Not Defined: 0
Physical: 0
Local: 1
Adjacent: 26
Network: 64

To assess a vulnerability it is important to know the access vector an attacker needs. This is typically the network, the adjacent network, local access or, in some cases, physical access.

Authentication

Not Defined: 0
High: 4
Low: 74
None: 13

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular with attackers.

User Interaction

Not Defined: 0
Required: 44
None: 47

Some attack scenarios require interaction by the victim. This is typical of phishing, social engineering and cross site scripting attacks.

VulDB Base Score

≤1: 0
≤2: 1
≤3: 8
≤4: 41
≤5: 12
≤6: 18
≤7: 11
≤8: 0
≤9: 0
≤10: 0

The moderation team always defines the base vector and base score for an entry. These, together with all other available scores, are used to generate the meta score.

Exploit 0-day

<1k: 16
<2k: 74
<5k: 1
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to estimate the 0-day price of an exploit before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

ID | Vulnerability | Scope | Responsible | Submission | Created | Updated | CVE | Submit | CNA
259508 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components | VulDB | VulDB | | 04/05/2024 | 04/05/2024 | CVE-2021-4438 | | accepted
253406 | dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos | VulDB | VulDB | | 02/11/2024 | 03/03/2024 | CVE-2021-4437 | | accepted
250836 | Karjasoft Sami HTTP Server HTTP HEAD Request denial of service | VulDB | VulDB | 01/13/2024 | 01/16/2024 | 02/06/2024 | CVE-2021-4433 | 267090 | accepted
250719 | PCMan FTP Server USER Command denial of service | VulDB | VulDB | 01/13/2024 | 01/14/2024 | 02/03/2024 | CVE-2021-4432 | 267088 | accepted
244494 | msyk FMDataAPI FMDataAPI_Sample.php cross site scripting | VulDB | VulDB | | 11/05/2023 | 12/02/2023 | CVE-2021-4431 | | accepted
244485 | Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure | VulDB | VulDB | | 11/04/2023 | 12/02/2023 | CVE-2021-4430 | | accepted
234247 | what3words Autosuggest Plugin Setting class-w3w-autosuggest-public.php enqueue_scripts information disclosure | VulDB | VulDB | | 07/16/2023 | 08/06/2023 | CVE-2021-4428 | | accepted
230084 | ITRS Group monitor-ninja scheduled_reports.php sql injection | VulDB | VulDB | | 05/27/2023 | 06/21/2023 | CVE-2021-4336 | | accepted
222266 | json-logic-js logic.js command injection | VulDB | VulDB | | 03/03/2023 | 03/31/2023 | CVE-2021-4329 | | accepted
222223 | 狮子鱼CMS ApiController.class.php goods_detail sql injection | VulDB | VulDB | 03/02/2023 | 03/02/2023 | 03/30/2023 | CVE-2021-4328 | 96988 | accepted
222074 | SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow | VulDB | VulDB | | 03/01/2023 | 03/26/2023 | CVE-2021-4327 | | accepted
221501 | NHN TOAST UI Chart Legend cross site scripting | VulDB | VulDB | | 02/19/2023 | 03/23/2023 | CVE-2021-4325 | | accepted
219676 | NYUCCL psiTurk experiment.py special elements used in a template engine | VulDB | VulDB | | 01/27/2023 | 02/23/2023 | CVE-2021-4315 | | accepted
218393 | NethServer phonehome index.php get_country_coor sql injection | VulDB | VulDB | | 01/15/2023 | 02/07/2023 | CVE-2021-4313 | | accepted
218295 | Th3-822 Rapidleech zip.php zip_go cross site scripting | VulDB | VulDB | | 01/13/2023 | 02/07/2023 | CVE-2021-4312 | | accepted
217666 | Talend Open Studio for MDM XML xml external entity reference | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2021-4311 | | accepted
217662 | 01-Scripts 01-Artikelsystem 01article.php cross site scripting | VulDB | VulDB | | 01/09/2023 | 01/30/2023 | CVE-2021-4310 | | accepted
217649 | 01-Scripts 01ACP cross site scripting | VulDB | VulDB | | 01/08/2023 | 01/30/2023 | CVE-2021-4309 | | accepted
217637 | WebPA sql injection | VulDB | VulDB | | 01/08/2023 | 01/30/2023 | CVE-2021-4308 | | accepted
217627 | Yomguithereal Baobab prototype pollution | VulDB | VulDB | | 01/07/2023 | 01/30/2023 | CVE-2021-4307 | | accepted
217620 | cronvel terminal-kit redos | VulDB | VulDB | | 01/07/2023 | 01/29/2023 | CVE-2021-4306 | | accepted
217448 | Woorank robots-txt-guard patterns.js makePathPattern redos | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2021-4305 | | accepted
217447 | eprintsug ulcc-core toolbox command injection | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2021-4304 | | accepted
217442 | shannah Xataface Installer install_form.js.php testftp cross site scripting | VulDB | VulDB | | 01/05/2023 | 01/28/2023 | CVE-2021-4303 | | accepted
217419 | slackero phpwcms SVG File cross site scripting | VulDB | VulDB | | 01/04/2023 | 01/28/2023 | CVE-2021-4302 | | accepted
217418 | slackero phpwcms sql injection | VulDB | VulDB | | 01/04/2023 | 01/28/2023 | CVE-2021-4301 | | accepted
217417 | ghostlander Halcyon Block Verification main.cpp AddToBlockIndex access control | VulDB | VulDB | | 01/04/2023 | 01/28/2023 | CVE-2021-4300 | | accepted
217180 | cronvel string-kit naturalSort.js naturalSort redos | VulDB | VulDB | | 01/02/2023 | 01/26/2023 | CVE-2021-4299 | | accepted
217179 | Hesburgh Libraries of Notre Dame Sipity search_criteria_for_works_parameter.rb SearchCriteriaForWorksParameter sql injection | VulDB | VulDB | | 01/02/2023 | 01/26/2023 | CVE-2021-4298 | | accepted
217174 | trampgeek jobe Restapi.php runs_post Privilege Escalation | VulDB | VulDB | | 01/01/2023 | 01/26/2023 | CVE-2021-4297 | | accepted
217019 | w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting | VulDB | VulDB | | 12/29/2022 | 01/26/2023 | CVE-2021-4296 | | accepted
217018 | ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference | VulDB | VulDB | | 12/29/2022 | 01/26/2023 | CVE-2021-4295 | | accepted
216987 | OpenShift OSIN CheckClientSecret timing discrepancy | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2021-4294 | | accepted
216954 | gnuboard youngcart5 menu_list_update.php cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2021-4293 | | accepted
216917 | OpenMRS Admin UI Module Manage Privilege Page privilege.gsp cross site scripting | VulDB | VulDB | | 12/28/2022 | 01/25/2023 | CVE-2021-4292 | | accepted
216916 | OpenMRS Admin UI Module location.gsp cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2021-4291 | | accepted
216907 | DHBW Fallstudie Login passport.js sql injection | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2021-4290 | | accepted
216883 | OpenMRS openmrs-module-referenceapplication User App Page UserAppPageController.java post cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2021-4289 | | accepted
216881 | OpenMRS openmrs-module-referenceapplication userApp.gsp cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/25/2023 | CVE-2021-4288 | | accepted
216876 | ReFirm Labs binwalk Archive Extraction extractor.py symlink | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2021-4287 | | accepted
216875 | cocagne pysrp _ctsrp.py calculate_x information exposure | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2021-4286 | | accepted
216874 | Nagios NCPA tail.html cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2021-4285 | | accepted
216873 | OpenMRS HTML Form Entry UI Framework Integration Module cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2021-4284 | | accepted
216872 | FreePBX voicemail Settings ssettings.php cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2021-4283 | | accepted
216871 | FreePBX voicemail page.voicemail.php cross site scripting | VulDB | VulDB | | 12/27/2022 | 01/24/2023 | CVE-2021-4282 | | accepted
216842 | Brave UX for-the-badge combine-prs.yml os command injection | VulDB | VulDB | | 12/26/2022 | 01/24/2023 | CVE-2021-4281 | | accepted
216780 | styler_praat_scripts Slash file_segmenter.praat denial of service | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2021-4280 | | accepted
216778 | Starcounter-Jack JSON-Patch prototype pollution | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2021-4279 | | accepted
216765 | cronvel tree-kit prototype pollution | VulDB | VulDB | | 12/25/2022 | 01/24/2023 | CVE-2021-4278 | | accepted
216749 | fredsmith utils Filename screenshot_sync predictable state | VulDB | VulDB | | 12/24/2022 | 01/24/2023 | CVE-2021-4277 | | accepted
216746 | dns-stats hedgehog DSCIOManager.cpp dsc_import_input_from_source sql injection [Disputed] | VulDB | VulDB | | 12/24/2022 | 01/24/2023 | CVE-2021-4276 | | accepted
216498 | katlings pyambic-pentameter cross-site request forgery | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4275 | | accepted
216479 | sileht bird-lg layout.html cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4274 | | accepted
216478 | studygolang search.go Search cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4273 | | accepted
216477 | studygolang topics.js cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4272 | | accepted
216476 | panicsteve w2wiki Markdown index.php toHTML cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4271 | | accepted
216474 | Imprint CMS ViewHelpers.cs SearchForm cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4270 | | accepted
216472 | SimpleRisk common.js checkAndSetValidation cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4269 | | accepted
216471 | phpRedisAdmin cross-site request forgery | VulDB | VulDB | | 12/21/2022 | 01/22/2023 | CVE-2021-4268 | | accepted
216469 | tad_discuss cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/21/2023 | CVE-2021-4267 | | accepted
216468 | Webdetails cpf DependenciesPackage.java cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/21/2023 | CVE-2021-4266 | | accepted
216467 | siwapp-ror cross site scripting | VulDB | VulDB | | 12/21/2022 | 01/21/2023 | CVE-2021-4265 | | accepted
216464 | LinkedIn dustjs prototype pollution | VulDB | VulDB | | 12/21/2022 | 01/21/2023 | CVE-2021-4264 | | accepted
216461 | leanote history.js define cross site scripting | VulDB | VulDB | | 12/21/2022 | 03/03/2023 | CVE-2021-4263 | | accepted
216271 | laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2021-4262 | | accepted
216270 | pacman-canvas db-handler.php addHighscore sql injection | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2021-4261 | | accepted
216268 | oils-js Web.js redirect | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2021-4260 | | accepted
216267 | phpRedisAdmin login.inc.php authHttpDigest wrong operator in string comparison | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2021-4259 | | accepted
216251 | whohas Package Information cleartext transmission [Disputed] | VulDB | VulDB | | 12/19/2022 | 01/15/2023 | CVE-2021-4258 | | accepted
216214 | ctrlo lenio Task task.tt cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4257 | | accepted
216213 | ctrlo lenio index.tt cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4256 | | accepted
216212 | ctrlo lenio contractor.tt cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4255 | | accepted
216211 | ctrlo lenio Notice main.tt cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4254 | | accepted
216210 | ctrlo lenio Ticket Lenio.pm cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4253 | | accepted
216209 | WP-Ban ban-options.php toggle_checkbox cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4252 | | accepted
216208 | as include.cdn.php getFullURL cross site scripting | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4251 | | accepted
216207 | cgriego active_attr Regex boolean_typecaster.rb call denial of service | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4250 | | accepted
216204 | xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4249 | | accepted
216188 | kapetan dns Request.cs entropy | VulDB | VulDB | | 12/18/2022 | 01/15/2023 | CVE-2021-4248 | | accepted
216184 | OWASP NodeGoat Query Parameter research.js denial of service | VulDB | VulDB | | 12/18/2022 | 01/14/2023 | CVE-2021-4247 | | accepted
216176 | roxlukas LMeve Login Page sql injection | VulDB | VulDB | | 12/17/2022 | 01/14/2023 | CVE-2021-4246 | | accepted
215883 | chbrown rfc6902 pointer.ts prototype pollution | VulDB | VulDB | | 12/15/2022 | 01/13/2023 | CVE-2021-4245 | | accepted
215307 | yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting | VulDB | VulDB | | 12/12/2022 | 01/02/2023 | CVE-2021-4244 | | accepted
215306 | claviska jquery-minicolors jquery.minicolors.js cross site scripting | VulDB | VulDB | | 12/12/2022 | 02/21/2023 | CVE-2021-32850 | | accepted
214592 | Sapido BR270n/BRC76n/GR297/RB1732 syscmd.htm os command injection | VulDB | VulDB | 11/27/2022 | 11/30/2022 | 12/24/2022 | CVE-2021-4242 | 53660 | accepted
213744 | phpservermon User.php setUserLoggedIn predictable algorithm in random number generator | VulDB | VulDB | | 11/15/2022 | 12/19/2022 | CVE-2021-4241 | | accepted
213717 | phpservermon User.php generatePasswordResetToken predictable algorithm in random number generator | VulDB | VulDB | | 11/15/2022 | 12/18/2022 | CVE-2021-4240 | | accepted
185453 | ua-parser-js Crypto Mining backdoor | VulDB | VulDB | | 10/27/2021 | 05/24/2022 | CVE-2021-4229 | | accepted
183172 | Airfield Online MySQL Backup improper authentication | VulDB | VulDB | 09/21/2021 | 09/21/2021 | 05/24/2022 | CVE-2021-4230 | 21069 | accepted
181356 | Angular Comment cross site scripting | VulDB | VulDB | 08/24/2021 | 08/24/2021 | 05/26/2022 | CVE-2021-4231 | 18901 | accepted
178254 | PHPGurukul Zoo Management System manage-ticket.php cross site scripting | VulDB | VulDB | 07/11/2021 | 07/11/2021 | 05/26/2022 | CVE-2021-4232 | 16098 | accepted
