Exploits 03/05/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources and aggregates them into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome Extensions Remote Code Execution | Not Defined | | | 0.00 | CVE-2021-21185 |
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome Blink use after free | Not Defined | | | 0.07 | CVE-2021-21188 |
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome PDFium uninitialized pointer | Not Defined | | | 0.00 | CVE-2021-21190 |
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome Performance API origin validation | Not Defined | | | 0.00 | CVE-2021-21184 |
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome URL Format unknown vulnerability | Not Defined | | | 0.00 | CVE-2021-21187 |
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome QR Scanning authorization | Not Defined | | | 0.00 | CVE-2021-21186 |
| 03/05/2021 | $25k-$100k | $5k-$25k | | Google Chrome Payments improper authentication | Not Defined | | | 0.00 | CVE-2021-21189 |
| 03/05/2021 | $5k-$25k | $5k-$25k | | Joomla! Form Filter input validation | Not Defined | | | 0.05 | CVE-2021-26029 |
| 03/05/2021 | $5k-$25k | $5k-$25k | | Joomla! Template Manager input validation | Not Defined | | | 0.08 | CVE-2021-23131 |
| 03/05/2021 | $5k-$25k | $0-$5k | | Facebook Zstandard permission | Not Defined | | | 0.07 | CVE-2021-24032 |
| 03/05/2021 | $5k-$25k | $0-$5k | | Facebook Zstandard permission | Not Defined | | | 0.00 | CVE-2021-24031 |
| 03/05/2021 | $5k-$25k | $5k-$25k | | Joomla! com_media path traversal | Not Defined | | | 0.05 | CVE-2021-23132 |
| 03/05/2021 | $5k-$25k | $5k-$25k | | Joomla! ZIP Package path traversal | Not Defined | | | 0.00 | CVE-2021-26028 |
| 03/05/2021 | $5k-$25k | $0-$5k | | SUSE Rancher cross site scripting | Not Defined | | | 0.00 | CVE-2021-25313 |
| 03/05/2021 | $5k-$25k | $0-$5k | | Joomla! Category exposure of resource | Not Defined | | | 0.00 | CVE-2021-26027 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2021-20340 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2020-4856 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.05 | CVE-2020-4857 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2020-4866 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2021-20350 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2021-20351 |
| 03/05/2021 | $0-$5k | $0-$5k | | Joomla! Feed Field cross site scripting | Not Defined | | | 0.00 | CVE-2021-23130 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.00 | CVE-2020-4863 |
| 03/05/2021 | $0-$5k | $0-$5k | | IBM Engineering Web UI cross site scripting | Not Defined | | | 0.05 | CVE-2020-4975 |
| 03/05/2021 | $0-$5k | $0-$5k | | Joomla! Message cross site scripting | Not Defined | | | 0.06 | CVE-2021-23129 |
| 03/05/2021 | $0-$5k | $0-$5k | | Joomla! 2FA Secret random values | Not Defined | | | 0.00 | CVE-2021-23127 |
| 03/05/2021 | $0-$5k | $0-$5k | | Joomla! 2FA Secret rand random values | Not Defined | | | 0.00 | CVE-2021-23126 |
| 03/05/2021 | $0-$5k | $0-$5k | | Joomla! FOFEncryptRandval random values | Not Defined | | | 0.00 | CVE-2021-23128 |
| 03/05/2021 | $0-$5k | $0-$5k | | Samsung Mobile Device quram Library memory corruption | Not Defined | | | 0.00 | CVE-2021-25346 |
| 03/05/2021 | $0-$5k | $0-$5k | | Fortinet FortiGate HTTP Header unknown vulnerability | Not Defined | | | 0.00 | CVE-2020-15938 |
| 03/05/2021 | $0-$5k | $0-$5k | | ytnef ytnef.c TNEFSubjectHandler double free | Not Defined | | | 0.08 | CVE-2021-3403 |
| 03/05/2021 | $0-$5k | $0-$5k | | QCubed POST Request profile.php deserialization | Not Defined | | | 0.00 | CVE-2020-24914 |
| 03/05/2021 | $0-$5k | $0-$5k | | ytnef File ytnef.c SwapWord heap-based overflow | Not Defined | | | 0.00 | CVE-2021-3404 |
| 03/05/2021 | $0-$5k | $0-$5k | | total.js set code injection | Not Defined | | | 0.05 | CVE-2021-23344 |
| 03/05/2021 | $0-$5k | $0-$5k | | GLPI dropdownConnect.php getItemForItemtype injection | Proof-of-Concept | | Link | 0.05 | CVE-2021-21327 |
| 03/05/2021 | $0-$5k | $0-$5k | | Fortinet FortiProxy SSL VPN Portal access control | Not Defined | | | 0.06 | CVE-2021-22128 |
| 03/05/2021 | $0-$5k | $0-$5k | | ForkCMS Ajax endpoint injection | Not Defined | | | 0.05 | CVE-2020-24036 |
| 03/05/2021 | $0-$5k | $0-$5k | | SonLogger POST Request SaveUploadedHotspotLogoFile unrestricted upload | Not Defined | | | 0.00 | CVE-2021-27964 |
| 03/05/2021 | $0-$5k | $0-$5k | | QCubed profile.php sql injection | Not Defined | | | 0.00 | CVE-2020-24913 |
| 03/05/2021 | $0-$5k | $0-$5k | | Doctor Appointment System admin.php sql injection | Not Defined | | | 0.08 | CVE-2021-27314 |
| 03/05/2021 | $0-$5k | $0-$5k | | stack_dst Crate push_inner uninitialized pointer | Not Defined | | | 0.06 | CVE-2021-28035 |
| 03/05/2021 | $0-$5k | $0-$5k | | bam Crate bgzip Block Load out-of-bounds write | Not Defined | | | 0.08 | CVE-2021-28027 |
| 03/05/2021 | $0-$5k | $0-$5k | | scratchpad Crate move_elements double free | Not Defined | | | 0.00 | CVE-2021-28031 |
| 03/05/2021 | $0-$5k | $0-$5k | | quinn Crate SocketAddrV6 memory corruption | Not Defined | | | 0.09 | CVE-2021-28036 |
| 03/05/2021 | $0-$5k | $0-$5k | | internment Crate memory corruption | Not Defined | | | 0.00 | CVE-2021-28037 |
| 03/05/2021 | $0-$5k | $0-$5k | | MSI Dragon Center IOCTL Request MsIo64.sys buffer overflow | Not Defined | | | 0.00 | CVE-2021-27965 |
| 03/05/2021 | $0-$5k | $0-$5k | | toodee Crate Row Insert double free | Not Defined | | | 0.07 | CVE-2021-28028 |
| 03/05/2021 | $0-$5k | $0-$5k | | nano_arena Crate split_at out-of-bounds write | Not Defined | | | 0.07 | CVE-2021-28032 |
| 03/05/2021 | $0-$5k | $0-$5k | | stack_dst Crate push_inner double free | Not Defined | | | 0.00 | CVE-2021-28034 |
| 03/05/2021 | $0-$5k | $0-$5k | | Linux Kernel GPU Nouveau Driver DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC null pointer dereference | Not Defined | | | 0.06 | CVE-2020-25639 |
