Archive April 2021

Timeline

Analyzing the timeline helps to identify the required approach for handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate how these categories are assigned and to determine the most affected software types.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to identify a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and they influence risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit before it gets distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/10/2021 | 7.8 | 7.8 | SonicWall GMS improper authentication | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.06 | CVE-2021-20020 |
| 04/10/2021 | 5.0 | 4.7 | Zoom Chat Remote Privilege Escalation | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 4.53 | CVE-2021-30480 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Account Pendingetent improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.32 | CVE-2021-25381 |
| 04/10/2021 | 5.8 | 5.8 | Samsung Bixby Exception Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.51 | CVE-2021-25380 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Gallery Intents information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.25 | CVE-2021-25379 |
| 04/10/2021 | 3.3 | 3.3 | Samsung SmartThings Port denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.19 | CVE-2021-25378 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Experience Service Intent improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.49 | CVE-2021-25377 |
| 04/10/2021 | 3.1 | 3.1 | Samsung Email Synchronization information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.55 | CVE-2021-25376 |
| 04/10/2021 | 4.3 | 4.3 | Samsung Email Attachment information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.55 | CVE-2021-25375 |
| 04/10/2021 | 5.3 | 5.3 | Samsung Members samsungrewards Scheme for Deeplink improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.06 | CVE-2021-25374 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Customization Service Pendingetent improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.80 | CVE-2021-25373 |
| 04/10/2021 | 5.3 | 5.3 | Samsung softsimd API privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.86 | CVE-2021-25365 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Secure Folder Contact Information information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.63 | CVE-2021-25364 |
| 04/10/2021 | 5.3 | 5.3 | Samsung ActivityManagerService privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.44 | CVE-2021-25363 |
| 04/10/2021 | 4.4 | 4.4 | Samsung CertInstaller privileges management | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.99 | CVE-2021-25362 |
| 04/10/2021 | 5.3 | 5.3 | Samsung StickerCenter access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.25 | CVE-2021-25361 |
| 04/10/2021 | 9.8 | 9.8 | Samsung libswmfextractor heap-based overflow | $0-$5k | $0-$5k | Not Defined | Official Fix | 4.14 | CVE-2021-25360 |
| 04/10/2021 | 3.3 | 3.3 | Samsung SELinux Policy AP Information permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.56 | CVE-2021-25359 |
| 04/10/2021 | 3.3 | 3.3 | Samsung Smart Phone IMSI Value permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.13 | CVE-2021-25358 |
| 04/10/2021 | 2.5 | 2.5 | Samsung Create Movie Contact Information information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.56 | CVE-2021-25357 |
| 04/10/2021 | 7.8 | 7.8 | Samsung Managed Provisioning permission | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.25 | CVE-2021-25356 |
| 04/10/2021 | 4.3 | 4.3 | ZTE ZXA10 C300M Configuration Error resource consumption | $0-$5k | $0-$5k | Not Defined | Workaround | 3.06 | CVE-2021-21728 |
| 04/10/2021 | 6.3 | 6.3 | Discord Recon Server code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.31 | CVE-2021-21433 |
| 04/10/2021 | 4.6 | 4.6 | Vela .netrc improper authorization | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.93 | CVE-2021-21432 |
| 04/10/2021 | 6.3 | 6.3 | Google Chrome Aura use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 4.26 | CVE-2021-21199 |
| 04/10/2021 | 6.3 | 6.3 | Google Chrome IPC out-of-bounds read | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 3.24 | CVE-2021-21198 |
| 04/10/2021 | 6.3 | 6.3 | Google Chrome TabStrip heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 4.98 | CVE-2021-21197 |
| 04/10/2021 | 6.3 | 6.3 | Google Chrome TabStrip heap-based overflow | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 3.25 | CVE-2021-21196 |
| 04/10/2021 | 6.3 | 6.3 | Google Chrome v8 use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 4.72 | CVE-2021-21195 |
| 04/10/2021 | 6.3 | 6.3 | Google Chrome Screen Sharing use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 2.86 | CVE-2021-21194 |
| 04/10/2021 | 4.3 | 4.3 | Zoho ManageEngine ServiceDesk Plus/AssetExplorer XML Asset File cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.73 | CVE-2021-20080 |
| 04/10/2021 | 6.3 | 6.3 | SonicWALL Email Security unrestricted upload | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.54 | CVE-2021-20022 |
| 04/10/2021 | 6.3 | 6.3 | SonicWALL Email Security HTTP Request privileges management | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.23 | CVE-2021-20021 |
| 04/10/2021 | 7.3 | 7.3 | Online Book Store admin.php sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.97 | CVE-2020-23763 |
| 04/10/2021 | 3.5 | 3.5 | Larsens Calender Plugin cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.91 | CVE-2020-23762 |
| 04/10/2021 | 3.5 | 3.5 | Subrion CMS Payment Gateway cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.97 | CVE-2020-23761 |
| 04/10/2021 | 5.5 | 5.5 | Rukovoditel Project Management App choices sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.29 | CVE-2020-13592 |
| 04/10/2021 | 5.5 | 5.5 | Rukovoditel Project Management App rules_form sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.61 | CVE-2020-13591 |
| 04/10/2021 | 3.5 | 3.5 | Rukovoditel Project Management App rules cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.34 | CVE-2020-13587 |
| 04/10/2021 | 5.5 | 5.5 | Dreamreport Dream Report CLSID access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.88 | CVE-2020-13534 |
| 04/10/2021 | 5.5 | 5.5 | Dreamreport Dream Report Binary backdoor | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.02 | CVE-2020-13533 |
| 04/10/2021 | 8.0 | 8.0 | Dreamreport Dream Report Syncfusion Dashboard Service access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 5.11 | CVE-2020-13532 |
| 04/09/2021 | 4.3 | 4.3 | IBM Spectrum Scale Filesystem Audit Log unknown vulnerability | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 2.92 | CVE-2021-29671 |
| 04/09/2021 | 8.8 | 8.8 | Erlang OTP erlsrv.exe access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.79 | CVE-2021-29221 |
| 04/09/2021 | 5.5 | 5.5 | Skyworth Digital Technology RN510 app-staticIP.asp unknown vulnerability | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.79 | CVE-2021-25328 |
| 04/09/2021 | 3.5 | 3.5 | Skyworth Digital Technology RN510 net-routeadd.asp cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.41 | CVE-2021-25327 |
| 04/09/2021 | 6.3 | 6.3 | Skyworth Digital Technology RN510 Wi-Fi test_version.asp access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.80 | CVE-2021-25326 |
| 04/09/2021 | 3.8 | 3.8 | sopel-channelmgnt Kick Command access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.09 | CVE-2021-21431 |
| 04/09/2021 | 3.5 | 3.5 | Unibox SMB/Enterprise Series/Campus Series network-trace cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.17 | CVE-2020-21884 |
| 04/09/2021 | 8.0 | 8.0 | Unibox U-50/Enterprise Series/Campus Series ping os command injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.22 | CVE-2020-21883 |