Exploits April 2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp (temporal) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/03/2021 | $100k and more | $25k-$100k | | Apple iOS/iPadOS out-of-bounds write | Not Defined | | | 1.53 | CVE-2021-1795 |
| 04/03/2021 | $100k and more | $25k-$100k | | Apple iOS/iPadOS Image memory corruption | Not Defined | | | 0.76 | CVE-2020-27933 |
| 04/03/2021 | $100k and more | $25k-$100k | | Apple iOS/iPadOS Font File memory corruption | Not Defined | | | 0.76 | CVE-2020-29624 |
| 04/03/2021 | $100k and more | $25k-$100k | | Apple iOS/iPadOS XML use after free | Not Defined | | | 0.89 | CVE-2020-9926 |
| 04/03/2021 | $100k and more | $25k-$100k | | Apple iOS/iPadOS out-of-bounds write | Not Defined | | | 2.03 | CVE-2021-1796 |
| 04/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Screen Sharing use after free | Not Defined | | | 2.86 - | CVE-2021-21194 |
| 04/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome v8 use after free | Not Defined | | | 4.64 - | CVE-2021-21195 |
| 04/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome TabStrip heap-based overflow | Not Defined | | | 3.18 - | CVE-2021-21196 |
| 04/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome TabStrip heap-based overflow | Not Defined | | | 4.89 - | CVE-2021-21197 |
| 04/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome Aura use after free | Not Defined | | | 4.26 - | CVE-2021-21199 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS Image out-of-bounds write | Not Defined | | | 0.13 | CVE-2020-9955 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS memory corruption | Not Defined | | | 0.44 | CVE-2021-1780 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS sandbox | Not Defined | | | 0.06 | CVE-2020-27935 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS use after free | Not Defined | | | 0.00 | CVE-2020-27899 |
| 04/02/2021 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader PDF File improper validation of integrity check value | Not Defined | | | 0.05 | CVE-2021-28545 |
| 04/02/2021 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader PDF File improper validation of integrity check value | Not Defined | | | 0.05 | CVE-2021-28546 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS Audio File out-of-bounds read | Not Defined | | | 0.07 | CVE-2020-29610 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS Font out-of-bounds read | Not Defined | | | 0.00 | CVE-2020-29639 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS Image out-of-bounds read | Not Defined | | | 0.00 | CVE-2020-29615 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS out-of-bounds read | Not Defined | | | 0.76 | CVE-2021-1794 |
| 04/10/2021 | $25k-$100k | $5k-$25k | | Google Chrome IPC out-of-bounds read | Not Defined | | | 3.18 - | CVE-2021-21198 |
| 04/03/2021 | $25k-$100k | $5k-$25k | | Apple iOS/iPadOS URL cross site scripting | Not Defined | | | 1.60 | CVE-2021-1748 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption | Not Defined | | | 1.71 | CVE-2021-1459 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | IBM WebSphere Application Server server-side request forgery | Not Defined | | | 0.89 | CVE-2021-20480 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | Cisco SD-WAN vManage Software memory corruption | Not Defined | | | 1.46 | CVE-2021-1479 |
| 04/08/2021 | $25k-$100k | $5k-$25k | | Cisco SD-WAN vManage Software memory corruption | Not Defined | | | 1.46 | CVE-2021-1480 |
| 04/09/2021 | $25k-$100k | $5k-$25k | | Linux Kernel BPF JIT Compiler Remote Privilege Escalation | Proof-of-Concept | | | 3.75 | CVE-2021-29154 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Unified Communications Manager SOAP API Endpoint code injection | Not Defined | | | 0.63 | CVE-2021-1362 |
| 04/07/2021 | $5k-$25k | $5k-$25k | | D-Link DSL-320B-D1 login.xgi buffer overflow | Not Defined | | | 0.13 | CVE-2021-26709 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco SD-WAN vManage Software memory corruption | Not Defined | | | 0.65 | CVE-2021-1137 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Small Business RV Series Router Web-based Management Interface memory corruption | Not Defined | | | 0.77 | CVE-2021-1472 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Small Business RV Series Router Web-based Management Interface memory corruption | Not Defined | | | 0.32 | CVE-2021-1473 |
| 04/08/2021 | $5k-$25k | $5k-$25k | | Cisco Advanced Malware Protection/Immunet DLL Loader uncontrolled search path | Not Defined | | | 0.32 | CVE-2021-1386 |
| 04/07/2021 | $5k-$25k | $5k-$25k | | Facebook WhatsApp/WhatsApp Business Decoding Pipeline out-of-bounds write | Not Defined | | | 1.40 | CVE-2021-24026 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple macOS Image memory corruption | Not Defined | | | 0.19 | CVE-2020-27933 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple macOS Image Remote Code Execution | Not Defined | | | 0.07 | CVE-2020-27939 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple macOS XML use after free | Not Defined | | | 1.54 | CVE-2020-9926 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple iCloud Image memory corruption | Not Defined | | | 1.00 | CVE-2020-27933 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple macOS Font File memory corruption | Not Defined | | | 0.00 | CVE-2020-29624 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple macOS Image Remote Code Execution | Not Defined | | | 0.00 | CVE-2020-29625 |
| 04/03/2021 | $5k-$25k | $5k-$25k | | Apple iCloud XML use after free | Not Defined | | | 0.06 | CVE-2020-9926 |
| 04/08/2021 | $5k-$25k | $0-$5k | | ClamAV Antivirus PDF Parser buffer overflow | Not Defined | | | 0.77 | CVE-2021-1405 |
| 04/07/2021 | $5k-$25k | $0-$5k | | Qualcomm Snapdragon Auto Socket Event use after free | Not Defined | | | 0.10 | CVE-2020-11234 |
| 04/02/2021 | $5k-$25k | $0-$5k | | Kaspersky Internet Security Anti-Virus Protection protection mechanism | Not Defined | | | 0.06 | CVE-2021-26718 |
| 04/07/2021 | $5k-$25k | $0-$5k | | Qualcomm Snapdragon Auto Suspend Mode double free | Not Defined | | | 0.00 | CVE-2020-11246 |
| 04/07/2021 | $5k-$25k | $0-$5k | | Qualcomm Snapdragon Compute IO Control memory corruption | Not Defined | | | 0.00 | CVE-2021-1892 |
| 04/07/2021 | $5k-$25k | $0-$5k | | Qualcomm Snapdragon Auto Histogram memory corruption | Not Defined | | | 0.00 | CVE-2020-11237 |
| 04/07/2021 | $5k-$25k | $0-$5k | | Qualcomm Snapdragon Connectivity RPM memory corruption | Not Defined | | | 0.00 | CVE-2020-11210 |
| 04/07/2021 | $5k-$25k | $0-$5k | | Qualcomm Snapdragon Auto Dimensions memory corruption | Not Defined | | | 0.05 | CVE-2020-11236 |
| 04/08/2021 | $5k-$25k | $0-$5k | | Cisco Small Business RV Series Router Link Layer Discovery Protocol memory corruption | Not Defined | | | 0.97 | CVE-2021-1251 |
