Archive 01/09/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation comes in multiple forms and levels, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| ID | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Exploit 0-day | Exploit Today | Exploitability | Remediation | | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 167529 | 7.5 | 7.2 | Google Chrome Audio buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-21116 |
| 167528 | 7.3 | 7.0 | Google Chrome Safe Browsing use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2021-21115 |
| 167527 | 7.5 | 7.2 | Google Chrome Audio use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-21114 |
| 167526 | 7.5 | 7.2 | Google Chrome Skia buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-21113 |
| 167525 | 7.5 | 7.2 | Google Chrome Blink use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2021-21112 |
| 167524 | 7.3 | 7.0 | Google Chrome Policy Enforcement sandbox | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-21111 |
| 167523 | 7.9 | 7.6 | Google Chrome HTML Page use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-21110 |
| 167522 | 7.3 | 7.0 | Google Chrome Payments use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-21109 |
| 167521 | 7.3 | 7.0 | Google Chrome Renderer Process use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-21108 |
| 167520 | 7.3 | 7.0 | Google Chrome Renderer Process use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-21107 |
| 167519 | 7.9 | 7.6 | Google Chrome Autofill use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2021-21106 |
| 167518 | 5.3 | 5.3 | SonicWALL NetExtender Client unquoted search path | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-5147 |
| 167517 | 6.3 | 6.3 | SonicWall SMA100 HTTP POST os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-5146 |
| 167516 | 5.3 | 5.3 | IBM Spectrum Protect Plus VDAP Proxy information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5022 |
| 167515 | 5.0 | 5.0 | IBM Spectrum Protect Plus Session password recovery | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5021 |
| 167514 | 5.2 | 5.2 | IBM Spectrum Protect Plus clickjacking | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5020 |
| 167513 | 5.4 | 5.4 | IBM Spectrum Protect Plus HTTP Host Header cross site scripting | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-5019 |
| 167512 | 5.3 | 5.3 | IBM Spectrum Protect Plus URL information disclosure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5018 |
| 167511 | 4.1 | 4.1 | IBM Spectrum Protect Plus permission | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2020-5017 |
| 167510 | 4.4 | 4.4 | IBM Jazz Foundation Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-4733 |
| 167509 | 4.4 | 4.4 | IBM Jazz Foundation Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-4697 |
| 167508 | 4.4 | 4.4 | IBM Jazz Foundation Web UI cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.49 | CVE-2020-4691 |
| 167507 | 4.3 | 4.3 | IBM Jazz Foundation information exposure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.53 | CVE-2020-4544 |
| 167506 | 4.3 | 4.3 | IBM Jazz Foundation information exposure | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.37 | CVE-2020-4487 |
| 167505 | 8.0 | 7.7 | Cockpit JSON Data Database.php injection | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.96 | CVE-2020-35131 |
| 167504 | 4.4 | 4.4 | Rocket.Chat Password Reset information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-28208 |
| 167503 | 7.0 | 7.0 | VideoLAN VLC Media Player MKV File send heap-based overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2020-26664 |
| 167502 | 3.7 | 3.6 | Dell Inspiron 5675 UEFI BIOS memory corruption | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37 | CVE-2020-26186 |
| 167501 | 3.7 | 3.6 | Ceph mgr module cleartext storage | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-25678 |
| 167500 | 5.9 | 5.7 | Barco NDN-210 Web Administration Panel ngpsystemcmd.php command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.21 | CVE-2020-17504 |
| 167499 | 6.7 | 6.4 | Barco NDN-210 Web Administration Panel split_card_cmd.php command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.29 | CVE-2020-17503 |
| 167498 | 6.7 | 6.4 | Barco TransForm N Web Administration Panel split_card_cmd.php command injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.33 | CVE-2020-17502 |
| 167497 | 7.5 | 7.2 | Google Chrome Network Traffic access control | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.20 | CVE-2020-16043 |
| 167496 | 6.4 | 6.1 | Google Chrome HTML Page Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16036 |
| 167495 | 6.9 | 6.6 | Google Chrome Remote Code Execution | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.29 | CVE-2020-16035 |
| 167494 | 4.8 | 4.6 | Google Chrome WebRTC Local Privilege Escalation | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.21 | CVE-2020-16034 |
| 167493 | 4.3 | 4.1 | Google Chrome UI improper restriction of rendered ui layers | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.25 | CVE-2020-16033 |
| 167492 | 4.3 | 4.1 | Google Chrome Omnibox clickjacking | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16032 |
| 167491 | 4.3 | 4.1 | Google Chrome Omnibox clickjacking | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.21 | CVE-2020-16031 |
| 167490 | 5.2 | 4.9 | Google Chrome Blink cross site scripting | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.09 | CVE-2020-16030 |
| 167489 | 7.5 | 7.2 | Google Chrome PDFium authorization | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.21 | CVE-2020-16029 |
| 167488 | 7.5 | 7.2 | Google Chrome WebRTC heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16028 |
| 167487 | 5.4 | 5.1 | Google Chrome Developer Tools information disclosure | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.16 | CVE-2020-16027 |
| 167486 | 7.5 | 7.2 | Google Chrome WebRTC use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16026 |
| 167485 | 7.9 | 7.6 | Google Chrome Clipboard heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16025 |
| 167484 | 7.9 | 7.6 | Google Chrome UI buffer overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.16 | CVE-2020-16024 |
| 167483 | 7.5 | 7.2 | Google Chrome WebCodecs use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.12 | CVE-2020-16023 |
| 167482 | 7.5 | 7.2 | Google Chrome Firewall Controls protection mechanism | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.16 | CVE-2020-16022 |
| 167481 | 6.2 | 6.0 | Google Chrome Image Burner access control | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16021 |
| 167480 | 6.9 | 6.6 | Google Chrome cryptohome access control | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2020-16020 |
