Archive 06/10/2021

Type »

The moderation team works with the threat intelligence team to categorize the software affected by security vulnerabilities. Assigning these categories helps to determine which software types are affected most.

Product »

Grouping vulnerabilities by product gives an overview. This makes it possible to assess a homogeneous landscape or to identify the most important hotspots in a heterogeneous landscape.

Remediation »

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. These fall into multiple forms and levels of remediation, which influence the risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them, for academic purposes or for personal gain. The level and quality of exploitability are distinguished to determine how simple and how powerful an attack is.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. These include report confidence, exploitability and remediation level. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team works with the threat intelligence team to estimate prices for exploits. Our unique algorithm identifies the 0-day price of an exploit, that is, its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we see on exploit markets.

Exploit Today »

The 0-day price does not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects can decrease an exploit's price over time; under certain circumstances this happens very quickly.

ID | CVSSv3 Base | CVSSv3 Temp | Title | Exploit 0-day | Exploit Today | Exploitability | Remediation | (unlabelled) | CVE
176827 | 6.8 | 6.5 | NetSetMan Pro Save Log to File Local Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-34546
176826 | 7.8 | 7.5 | McAfee Agent uncontrolled search path | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-31840
176825 | 6.3 | 6.0 | McAfee Agent MA Event Folder privileges management | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-31839
176824 | 4.4 | 4.3 | Trace Financial CRESTBridge cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-24668
176823 | 4.4 | 4.3 | Trace Financial CRESTBridge cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-24663
176822 | 3.5 | 3.5 | lrzip stream.c lzma_decompress_buf use after free | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2021-27347
176821 | 6.3 | 6.0 | F5 BIG-IP APM/BIG-IP APM Clients Windows Installer Service permission | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-23022
176820 | 5.5 | 5.5 | MongoDB Go Driver BSON injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-20329
176819 | 7.5 | 7.2 | Trace Financial CRESTBridge sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-24671
176818 | 7.5 | 7.2 | Trace Financial CRESTBridge sql injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-24667
176817 | 4.3 | 4.3 | XScreenSaver Video Output update_screen_layout buffer overflow | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-34557
176816 | 7.3 | 7.0 | LabCup Save API improper authentication | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-33031
176815 | 3.5 | 3.5 | lrzip stream.c ucompthread null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2021-27345
176814 | 3.5 | 3.5 | lrzip stream.c lzo_decompress_buf null pointer dereference | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25467
176813 | 3.5 | 3.5 | Kiuwan Plugin Query Parameter cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2021-21666
176812 | 3.5 | 3.5 | XebiaLabs XL Deploy Plugin cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21665
176811 | 3.5 | 3.5 | TP-Link TL-SG2005/TL-SG2008 cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-31659
176810 | 3.5 | 3.5 | PRTG Network Monitor editsettings cross-site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-34547
176809 | 4.6 | 4.6 | XebiaLabs XL Deploy Plugin authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21664
176808 | 4.6 | 4.6 | XebiaLabs XL Deploy Plugin authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21663
176807 | 3.5 | 3.5 | XebiaLabs XL Deploy Plugin authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2021-21662
176806 | 5.5 | 5.5 | Kubernetes CLI Plugin HTTP Endpoint authorization | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-21661
176805 | 3.5 | 3.4 | SmartStream Transaction Lifecycle Management Reconciliation Premium cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-24662
176804 | 3.5 | 3.4 | Grant Averett Cerberus FTP Server Web Client cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-25046
176803 | 5.5 | 5.3 | Annex Cloud Loyalty Experience Platform Campaign access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-31929
176802 | 5.5 | 5.3 | Annex Cloud Loyalty Experience Platform access control | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-31928
176801 | 4.6 | 4.4 | Annex Cloud Loyalty Experience Platform resource injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-31927
176800 | 5.5 | 5.5 | TP-Link TL-SG2005/TL-SG2008 Device Description Interface array index | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-31658
176799 | 5.5 | 5.5 | LANCOM R&S Unified Firewall path traversal | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-31538
176798 | 5.5 | 5.3 | F5 BIG-IP APM/BIG-IP APM Clients Windows Installer cachecleaner.dll uncontrolled search path | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-23023
176797 | 5.5 | 5.5 | ZTE ZXHN HS562 Cloud-End App access control | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21736
176796 | 4.3 | 4.3 | ZTE ZXHN H168N Wizard Page information disclosure | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2021-21735
176795 | 4.3 | 4.1 | OpenDMARC Header Field null pointer dereference | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-34555
176794 | 6.3 | 6.0 | Google Chrome Network Service use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-30553
176793 | 6.3 | 6.0 | Google Chrome Extension use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-30552
176792 | 6.3 | 6.0 | Google Chrome V8 type confusion | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | CVE-2021-30551
176791 | 6.3 | 6.0 | Google Chrome Accessibility use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2021-30550
176790 | 6.3 | 6.0 | Google Chrome Spell Check use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2021-30549
176789 | 6.3 | 6.0 | Google Chrome Loader use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-30548
176788 | 6.3 | 6.0 | Google Chrome ANGLE out-of-bounds write | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2021-30547
176787 | 6.3 | 6.0 | Google Chrome Autofill use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2021-30546
176786 | 6.3 | 6.0 | Google Chrome Extension use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2021-30545
176785 | 6.3 | 6.0 | Google Chrome BFCache use after free | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-30544
176784 | 4.7 | 4.5 | Bridgecrew Checkov Terraform File deserialization | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-3040
176783 | 3.5 | 3.5 | RESTEasy URL Encoding cross site scripting | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2021-20293
176782 | 8.8 | 8.4 | Zoho ManageEngine ServiceDesk Plus Disallowed Input List Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-20081
176781 | 8.8 | 8.4 | Palo Alto Cortex XDR Agent uncontrolled search path | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-3041
176780 | 4.3 | 4.1 | CubeCoders AMP Java Version Setting Privilege Escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-34539
176779 | 2.7 | 2.6 | Palo Alto Prisma Cloud Compute Console debug log file | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-3039
176778 | 6.3 | 6.0 | set-getter Prototype code injection | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-25949

138 more entries are not shown
