Exploits 02/23/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation can be distinguished into multiple forms and levels, each of which influences risk differently.

Exploitability »

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

An exploit is the automated exploitation of a security vulnerability. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome Data Transfer buffer overflow | Not Defined | | | 0.21 | CVE-2021-21149 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome HTML Page use after free | Not Defined | | | 0.16 | CVE-2021-21150 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome Payments use after free | Not Defined | | | 0.21 | CVE-2021-21151 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome Media heap-based overflow | Not Defined | | | 0.21 | CVE-2021-21152 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome GPU Process stack-based overflow | Not Defined | | | 0.63 | CVE-2021-21153 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome Tab Strip heap-based overflow | Not Defined | | | 0.79 | CVE-2021-21154 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome Tab Strip heap-based overflow | Not Defined | | | 0.79 | CVE-2021-21155 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome V8 heap-based overflow | Not Defined | | | 1.00 | CVE-2021-21156 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Google Chrome Web Sockets use after free | Not Defined | | | 1.16 | CVE-2021-21157 |
| 02/23/2021 | $25k-$100k | $5k-$25k | | Linux Kernel Object io_uring use after free | Not Defined | | | 0.11 | CVE-2021-20226 |
| 02/23/2021 | $5k-$25k | $5k-$25k | | IBM Planning Analytics information disclosure | Not Defined | | | 0.00 | CVE-2020-4953 |
| 02/23/2021 | $0-$5k | $0-$5k | | Luxion KeyShot Project File out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-22647 |
| 02/23/2021 | $0-$5k | $0-$5k | | WECON LeviStudioU Project File buffer overflow | Not Defined | | | 0.62 | CVE-2020-16243 |
| 02/23/2021 | $0-$5k | $0-$5k | | ImageMagick quantum-private.h integer overflow | Not Defined | | | 0.05 | CVE-2020-27768 |
| 02/23/2021 | $0-$5k | $0-$5k | | FontForge SFD File Parser out-of-bounds write | Not Defined | | | 0.46 | CVE-2020-25690 |
| 02/23/2021 | $0-$5k | $0-$5k | | Luxion KeyShot Network Share dll Remote Privilege Escalation | Not Defined | | | 0.05 | CVE-2021-22645 |
| 02/23/2021 | $0-$5k | $0-$5k | | Advantech WebAccess/SCADA WADashboard Remote Privilege Escalation | Not Defined | | | 0.07 | CVE-2020-25161 |
| 02/23/2021 | $0-$5k | $0-$5k | | geojson2kml index.js command injection | Proof-of-Concept | | | 0.10 | CVE-2020-28429 |
| 02/23/2021 | $0-$5k | $0-$5k | | wc-cmd index.js command injection | Proof-of-Concept | | | 0.00 | CVE-2020-28431 |
| 02/23/2021 | $0-$5k | $0-$5k | | theme-core utils.js command injection | Proof-of-Concept | | | 0.07 | CVE-2020-28432 |
| 02/23/2021 | $0-$5k | $0-$5k | | ipTIME NAS-I Bulletin Manage unrestricted upload | Not Defined | | | 0.05 | CVE-2020-7847 |
| 02/23/2021 | $0-$5k | $0-$5k | | PostgreSQL Query authorization | Not Defined | | | 0.26 | CVE-2021-20229 |
| 02/23/2021 | $0-$5k | $0-$5k | | nuance-gulp-build-common index.js command injection | Proof-of-Concept | | | 0.00 | CVE-2020-28430 |
| 02/23/2021 | $0-$5k | $0-$5k | | Atlassian JIRA Server for Slack Plugin Endpoint injection | Not Defined | | | 0.21 | CVE-2021-26068 |
| 02/23/2021 | $0-$5k | $0-$5k | | netplex json-smart-v1/json-smart-v2 unknown vulnerability | Not Defined | | | 0.11 | CVE-2021-27568 |
| 02/23/2021 | $0-$5k | $0-$5k | | Atlassian atlassian-gadgets HTTP Request MessageBundleWhiteList unknown vulnerability | Not Defined | | | 0.12 | CVE-2020-36232 |
| 02/23/2021 | $0-$5k | $0-$5k | | Rendertron Screenshot server-side request forgery | Not Defined | | | 0.05 | CVE-2020-8902 |
| 02/23/2021 | $0-$5k | $0-$5k | | Nozomi Guardian/CMC Web GUI os command injection | Not Defined | | | 0.06 | CVE-2021-26724 |
| 02/23/2021 | $0-$5k | $0-$5k | | Undertow HTTP Request 1.x request smuggling | Not Defined | | | 0.21 | CVE-2021-20220 |
| 02/23/2021 | $0-$5k | $0-$5k | | Openshift Installer Kublet missing authentication | Not Defined | | | 0.00 | CVE-2021-20198 |
| 02/23/2021 | $0-$5k | $0-$5k | | CIRA Canadian Shield App certificate validation | Not Defined | | | 0.05 | CVE-2021-27189 |
| 02/23/2021 | $0-$5k | $0-$5k | | Luxion KeyShot Project File out-of-bounds read | Not Defined | | | 0.06 | CVE-2021-22643 |
| 02/23/2021 | $0-$5k | $0-$5k | | Nozomi Guardian/CMC Web GUI path traversal | Not Defined | | | 0.12 | CVE-2021-26725 |
| 02/23/2021 | $0-$5k | $0-$5k | | stunnel certificate validation | Not Defined | | | 0.11 | CVE-2021-20230 |
| 02/23/2021 | $0-$5k | $0-$5k | | Atlassian JIRA Server/Data Center CachingResourceDownloadRewriteRule information disclosure | Not Defined | | | 0.05 | CVE-2020-29453 |
| 02/23/2021 | $0-$5k | $0-$5k | | Atlassian Confluence Server/Confluence Data Center ConfluenceResourceDownloadRewriteRule information disclosure | Not Defined | | | 0.21 | CVE-2020-29448 |
| 02/23/2021 | $0-$5k | $0-$5k | | Keycloak HTTP Header authentication bypass | Not Defined | | | 0.32 | CVE-2020-14359 |
| 02/23/2021 | $0-$5k | $0-$5k | | Gist Chatbot Chatbox cross site scripting | Proof-of-Concept | | Link | 0.00 | CVE-2020-35852 |
| 02/23/2021 | $0-$5k | $0-$5k | | libxls XLS Cell Parser xls2csv.c null pointer dereference | Proof-of-Concept | | Link | 0.05 | CVE-2020-27819 |
| 02/23/2021 | $0-$5k | $0-$5k | | Luxion KeyShot Project File null pointer dereference | Not Defined | | | 0.00 | CVE-2021-22649 |
| 02/23/2021 | $0-$5k | $0-$5k | | NanoHTTPD HTTP GET RouterNanoHTTPD.java GeneralHandler cross site scripting | Not Defined | | | 0.11 | CVE-2020-13697 |
| 02/23/2021 | $0-$5k | $0-$5k | | fastadmin cross site scripting | Proof-of-Concept | | Link | 0.05 | CVE-2020-26609 |
| 02/23/2021 | $0-$5k | $0-$5k | | Keybase Desktop Client Cache information disclosure | Not Defined | | | 0.07 | CVE-2021-23827 |
