Archive 02/09/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 170436 | 8.8 | 7.7 | Microsoft Windows Extended Protection for Authentication improper authentication | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | CVE-2020-17162 |
| 169530 | 6.5 | 5.7 | Microsoft Windows Trust Verification API denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-24080 |
| 169529 | 9.8 | 8.5 | Microsoft Windows TCP/IP Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.09 | CVE-2021-24094 |
| 169528 | 9.8 | 8.5 | Microsoft Windows TCP/IP Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-24074 |
| 169527 | 7.5 | 6.5 | Microsoft Windows TCP/IP denial of service | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2021-24086 |
| 169526 | 7.5 | 6.5 | Microsoft Windows Remote Procedure Call information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-1734 |
| 169525 | 8.8 | 7.7 | Microsoft Windows Local Spooler Privilege Escalation | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2021-24088 |
| 169524 | 4.3 | 3.8 | Microsoft Windows Microsoft.PowerShell.Utility Module protection mechanism | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-24082 |
| 169523 | 7.8 | 6.8 | Microsoft Windows PKU2U Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-25195 |
| 169522 | 4.4 | 3.8 | Microsoft Windows PFX Encryption Security protection mechanism | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.08 | CVE-2021-1731 |
| 169521 | 6.8 | 5.9 | Microsoft Windows Network File System denial of service | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2021-24075 |
| 169520 | 5.5 | 4.8 | Microsoft Windows Mobile Device Management information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2021-24084 |
| 169519 | 7.8 | 6.8 | Microsoft Windows Win32 Win32k Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2021-1698 |
| 169518 | 7.8 | 7.2 | Microsoft Windows Win32k Local Privilege Escalation | $25k-$100k | $0-$5k | Functional | Official Fix | 0.04 | CVE-2021-1732 |
| 169517 | 7.8 | 6.8 | Microsoft Windows Kernel Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-24096 |
| 169516 | 7.8 | 7.0 | Microsoft Windows Installer Local Privilege Escalation | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.05 | CVE-2021-1727 |
| 169515 | 7.8 | 6.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-24103 |
| 169514 | 7.8 | 6.8 | Microsoft Windows Event Tracing Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2021-24102 |
| 169513 | 4.4 | 3.8 | Microsoft Windows DirectX information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2021-24106 |
| 169512 | 7.8 | 6.8 | Microsoft Windows Defender Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-24092 |
| 169511 | 5.5 | 4.8 | Microsoft Windows Console Driver denial of service | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2021-24098 |
| 169510 | 5.5 | 4.8 | Microsoft Windows Backup Engine information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2021-24079 |
| 169509 | 7.0 | 6.1 | Microsoft Windows Address Book Remote Code Execution | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-24083 |
| 169508 | 7.0 | 6.1 | Microsoft Visual Studio Code npm-script Extension Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2021-26700 |
| 169507 | 6.0 | 5.2 | Microsoft Visual Studio Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2021-1639 |
| 169506 | 8.8 | 7.7 | Microsoft System Center Operations Manager Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2021-1728 |
| 169505 | 7.8 | 7.0 | Microsoft Sysinternals PsExec Local Privilege Escalation | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2021-1733 |
| 169504 | 6.5 | 5.7 | Microsoft Lync Server/Skype for Business Server denial of service | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2021-24099 |
| 169503 | 6.5 | 5.9 | Microsoft Lync Server/Skype for Business Server unknown vulnerability | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | CVE-2021-24073 |
| 169502 | 8.1 | 7.1 | Microsoft Windows Fax Service Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2021-1722 |
| 169501 | 9.8 | 8.5 | Microsoft Windows Fax Service Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.04 | CVE-2021-24077 |
| 169500 | 5.5 | 5.0 | Microsoft Windows VMSwitch information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2021-24076 |
| 169499 | 9.8 | 8.5 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.04 | CVE-2021-24078 |
| 169498 | 8.3 | 7.3 | Microsoft Windows Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.06 | CVE-2021-24091 |
| 169497 | 8.3 | 7.5 | Microsoft Windows Codecs Library Remote Code Execution | $100k and more | $25k-$100k | Proof-of-Concept | Official Fix | 0.09 | CVE-2021-24081 |
| 169496 | 5.7 | 5.0 | Microsoft Teams information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2021-24114 |
| 169495 | 8.8 | 7.7 | Microsoft SharePoint Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-24072 |
| 169494 | 8.8 | 7.7 | Microsoft SharePoint Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-24066 |
| 169493 | 8.0 | 7.0 | Microsoft SharePoint Privilege Escalation | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-1726 |
| 169492 | 4.2 | 3.8 | Microsoft SharePoint information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2021-24071 |
| 169491 | 7.0 | 6.1 | Microsoft Office Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2021-24070 |
| 169490 | 7.0 | 6.1 | Microsoft Office Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07 | CVE-2021-24069 |
| 169489 | 7.0 | 6.1 | Microsoft Office Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2021-24068 |
| 169488 | 7.0 | 6.1 | Microsoft Office Remote Code Execution | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2021-24067 |
| 169487 | 8.8 | 7.7 | Microsoft Windows Graphics Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-24093 |
| 169486 | 5.4 | 4.9 | Microsoft Exchange Server unknown vulnerability | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.09 | CVE-2021-1730 |
| 169485 | 6.5 | 5.7 | Microsoft Exchange Server Privilege Escalation | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2021-24085 |
| 169484 | 3.9 | 3.5 | Microsoft Edge information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2021-24100 |
| 169483 | 4.7 | 4.3 | Microsoft Dynamics NAV/Dynamics 365 Business Central cross site scripting | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2021-1724 |
| 169482 | 6.5 | 5.9 | Microsoft Dynamics 365 information disclosure | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2021-24101 |
