Archive 03/09/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| ID | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 171029 | 7.5 | 6.8 | Microsoft Edge memory corruption | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.14 | CVE-2021-26411 |
| 171028 | 7.8 | 6.8 | Microsoft Windows Win32k privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26900 |
| 171027 | 7.8 | 6.8 | Microsoft Windows Win32k privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26875 |
| 171026 | 7.3 | 6.3 | Microsoft Windows Win32k privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26863 |
| 171025 | 7.8 | 7.0 | Microsoft Windows Win32k privileges management | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | CVE-2021-27077 |
| 171024 | 7.8 | 6.8 | Microsoft Windows WalletService privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2021-26885 |
| 171023 | 7.8 | 6.8 | Microsoft Windows WalletService privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-26871 |
| 171022 | 8.3 | 7.3 | Microsoft Windows Virtual Registry Provider privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26864 |
| 171021 | 7.3 | 6.3 | Microsoft Windows User Profile Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01 | CVE-2021-26873 |
| 171020 | 7.3 | 6.4 | Microsoft Windows Update Stack Setup privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-1729 |
| 171019 | 7.6 | 6.6 | Microsoft Windows Update Stack privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26889 |
| 171018 | 7.0 | 6.1 | Microsoft Windows Update Service privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26866 |
| 171017 | 7.8 | 6.8 | Microsoft Windows UPnP Device Host privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26899 |
| 171016 | 7.8 | 6.8 | Microsoft Windows Projected File System privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-26870 |
| 171015 | 7.8 | 6.8 | Microsoft Windows Print Spooler privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-26878 |
| 171014 | 7.8 | 6.8 | Microsoft Windows Print Spooler privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.28 | CVE-2021-1640 |
| 171013 | 7.8 | 6.8 | Microsoft Windows Overlay Filter privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26874 |
| 171012 | 7.5 | 6.5 | Microsoft Windows NAT denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2021-26879 |
| 171011 | 4.8 | 4.2 | Microsoft Windows Media Photo Codec information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07 | CVE-2021-26884 |
| 171010 | 7.0 | 6.1 | Microsoft Windows Installer privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26862 |
| 171009 | 9.5 | 8.3 | Microsoft Windows Hyper-V Remote Privilege Escalation | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-26867 |
| 171008 | 7.8 | 6.8 | Microsoft Windows Graphics Local Privilege Escalation | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-26861 |
| 171007 | 7.8 | 6.8 | Microsoft Windows Graphics privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.14 | CVE-2021-26868 |
| 171006 | 5.7 | 5.2 | Microsoft Windows Extensible Firmware Interface unknown vulnerability | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.08 | CVE-2021-26892 |
| 171005 | 4.8 | 4.2 | Microsoft Windows Event Tracing information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2021-24107 |
| 171004 | 7.8 | 6.8 | Microsoft Windows Event Tracing privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26901 |
| 171003 | 7.8 | 6.8 | Microsoft Windows Event Tracing privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-26898 |
| 171002 | 7.8 | 6.8 | Microsoft Windows Event Tracing privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26872 |
| 171001 | 7.8 | 6.8 | Microsoft Windows Error Reporting privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-24090 |
| 171000 | 9.8 | 8.5 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.08 | CVE-2021-26897 |
| 170999 | 9.8 | 8.5 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-26895 |
| 170998 | 9.8 | 8.5 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-26894 |
| 170997 | 9.8 | 8.5 | Microsoft Windows DNS Server Remote Code Execution | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-26893 |
| 170996 | 9.8 | 8.5 | Microsoft Windows DNS Server code injection | $25k-$100k | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-26877 |
| 170995 | 7.5 | 6.5 | Microsoft Windows DNS Server denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-27063 |
| 170994 | 7.5 | 6.5 | Microsoft Windows DNS Server denial of service | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26896 |
| 170993 | 7.8 | 6.8 | Microsoft Windows Container Execution Agent privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26891 |
| 170992 | 8.5 | 7.4 | Microsoft Windows Container Execution Agent privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.10 | CVE-2021-26865 |
| 170991 | 7.8 | 6.8 | Microsoft Windows App-V Overlay Filter privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2021-26860 |
| 170990 | 4.3 | 3.8 | Microsoft Windows Admin Center information disclosure | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.27 | CVE-2021-27066 |
| 170989 | 4.8 | 4.2 | Microsoft Windows ActiveX Installer Service information disclosure | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | CVE-2021-26869 |
| 170988 | 7.6 | 6.7 | Microsoft Windows Update Assistant privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-27070 |
| 170987 | 7.3 | 6.4 | Microsoft Visual Studio Code Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.14 | CVE-2021-27060 |
| 170986 | 7.3 | 6.4 | Microsoft Visual Studio Code Java Extension Pack Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.27 | CVE-2021-27084 |
| 170985 | 7.3 | 6.4 | Microsoft Visual Studio Code ESLint Extension Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.04 | CVE-2021-27081 |
| 170984 | 5.7 | 5.0 | Microsoft Windows User Profile Service denial of service | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | CVE-2021-26886 |
| 170983 | 7.8 | 6.8 | Microsoft Windows Storage Spaces Controller privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2021-26880 |
| 170982 | 7.3 | 6.4 | Microsoft Visual Studio Code Remote Containers Extension Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.07 | CVE-2021-27083 |
| 170981 | 8.1 | 7.1 | Microsoft Windows Remote Access API privileges management | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | CVE-2021-26882 |
| 170980 | 7.3 | 6.4 | Microsoft Quantum Development Kit for Visual Studio Code Remote Code Execution | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.45 | CVE-2021-27082 |
