Exploits 02/10/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automated exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Blink heap-based overflow | Not Defined | | | 0.00 | CVE-2021-21128 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Payment use after free | Proof-of-Concept | | | 0.00 | CVE-2021-21142 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Extension heap-based overflow | Not Defined | | | 0.00 | CVE-2021-21143 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Font use after free | Not Defined | | | 0.00 | CVE-2021-21145 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Navigation use after free | Not Defined | | | 0.00 | CVE-2021-21146 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Tab Group heap-based overflow | Not Defined | | | 0.00 | CVE-2021-21144 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome DevTools sandbox | Not Defined | | | 0.00 | CVE-2021-21132 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome iFrame Sandbox access control | Not Defined | | | 0.00 | CVE-2021-21139 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Performance API unknown vulnerability | Not Defined | | | 0.06 | CVE-2021-21135 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome WebView unknown vulnerability | Not Defined | | | 0.00 | CVE-2021-21136 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Skia clickjacking | Not Defined | | | 0.00 | CVE-2021-21147 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome File System API improper authentication | Not Defined | | | 0.00 | CVE-2021-21129 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome File System API improper authentication | Not Defined | | | 0.52 | CVE-2021-21130 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome File System API improper authentication | Not Defined | | | 0.54 | CVE-2021-21131 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Download improper authentication | Not Defined | | | 0.36 | CVE-2021-21133 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Page Info authentication spoofing | Not Defined | | | 1.40 | CVE-2021-21134 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome File System API improper authentication | Not Defined | | | 0.50 | CVE-2021-21141 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome DevTools use after free | Not Defined | | | 0.38 | CVE-2021-21138 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome USB Device uninitialized pointer | Not Defined | | | 0.00 | CVE-2021-21140 |
| 02/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome DevTools information disclosure | Not Defined | | | 0.05 | CVE-2021-21137 |
| 02/10/2021 | $5k-$25k | $5k-$25k | | HPE Moonshot Provisioning Manager khuploadfile.cgi stack-based overflow | Not Defined | | | 0.75 | CVE-2021-25139 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Dell EMC PowerScale OneFS privileges management | Not Defined | | | 0.45 | CVE-2021-21502 |
| 02/10/2021 | $5k-$25k | $5k-$25k | | SAP SCIMono Java Expression injection | Not Defined | | | 0.06 | CVE-2021-21479 |
| 02/10/2021 | $5k-$25k | $5k-$25k | | HPE T0986H01 Idelji Web ViewPoint Suite access control | Not Defined | | | 2.05 | CVE-2021-3191 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Dell EMC PowerScale OneFS Directory insufficient permissions or privileges | Not Defined | | | 1.82 | CVE-2020-26195 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens SIMARIS Configuration Folder default permission | Not Defined | | | 2.23 | CVE-2020-28392 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP Business Objects BI Platform X-Frame-Options Header clickjacking | Not Defined | | | 0.50 | CVE-2021-21444 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP Commerce Cloud Drools Rule injection | Not Defined | | | 0.05 | CVE-2021-21477 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens SIMATIC HMI Comfort Panel Telnet Service missing authentication | Proof-of-Concept | | Link | 0.00 | CVE-2020-15798 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens PCS neo/TIA Portal access control | Not Defined | | | 0.65 | CVE-2020-25238 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens JT2Go/Teamcenter Visualization BMP File memory corruption | Not Defined | | | 1.95 | CVE-2020-27000 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens JT2Go/Teamcenter Visualization PAR File stack-based overflow | Not Defined | | | 1.84 | CVE-2020-27001 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens JT2Go/Teamcenter Visualization TGA File out-of-bounds write | Not Defined | | | 0.37 | CVE-2020-27005 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens JT2Go/Teamcenter Visualization PCT File memory corruption | Not Defined | | | 0.37 | CVE-2020-27006 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens DIGSI 4 default permission | Not Defined | | | 0.83 | CVE-2020-25245 |
| 02/10/2021 | $5k-$25k | $0-$5k | | McAfee Total Protection privileges management | Not Defined | | | 0.00 | CVE-2021-23873 |
| 02/10/2021 | $5k-$25k | $0-$5k | | McAfee Total Protection Remote Procedure Call privileges management | Not Defined | | | 0.00 | CVE-2021-23876 |
| 02/10/2021 | $5k-$25k | $5k-$25k | | HPE Moonshot Provisioning Manager khuploadfile.cgi pathname traversal | Not Defined | | | 1.65 | CVE-2021-25140 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP Master Data Management File API pathname traversal | Not Defined | | | 0.05 | CVE-2021-21475 |
| 02/10/2021 | $5k-$25k | $5k-$25k | | HPE T0662H01 Idelji Web ViewPoint Suite authentication replay | Not Defined | | | 0.82 | CVE-2021-22267 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP UI5 redirect | Not Defined | | | 0.12 | CVE-2021-21476 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP Web Dynpro ABAP redirect | Not Defined | | | 0.05 | CVE-2021-21478 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP Software Provisioning Manager missing authentication | Not Defined | | | 0.96 | CVE-2021-21472 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens SIMATIC PCS 7/SIMATIC WinCC authentication bypass | Not Defined | | | 0.07 | CVE-2020-10048 |
| 02/10/2021 | $5k-$25k | $0-$5k | | SAP HANA Database SAML Token signature verification | Not Defined | | | 0.17 | CVE-2021-21474 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Siemens SINEC NMS/SINEMA Server ZIP File path traversal | Not Defined | | | 0.14 | CVE-2020-25237 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Dell EMC PowerScale OneFS Job privileges management | Not Defined | | | 0.00 | CVE-2020-26191 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Dell EMC PowerScale OneFS os command injection | Not Defined | | | 0.15 | CVE-2020-26193 |
| 02/10/2021 | $5k-$25k | $0-$5k | | McAfee Total Protection MTP Self-Defense privileges management | Not Defined | | | 0.00 | CVE-2021-23874 |
| 02/10/2021 | $5k-$25k | $0-$5k | | Dell EMC PowerScale OneFS permission assignment | Not Defined | | | 0.00 | CVE-2020-26194 |
