Exploits 04/02/2021

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Remediation can be distinguished by form and level, each of which influences risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang »

The automation of the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of the programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as the disclosure of vulnerability details, alternative exploits, and the availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

| Published | 0day | Today | Tr | Vulnerability | Exp | Lang | URL | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 04/02/2021 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader PDF File improper validation of integrity check value | Not Defined | | | 0.05 | CVE-2021-28545 |
| 04/02/2021 | $25k-$100k | $5k-$25k | | Adobe Acrobat Reader PDF File improper validation of integrity check value | Not Defined | | | 0.06 | CVE-2021-28546 |
| 04/02/2021 | $5k-$25k | $0-$5k | | Kaspersky Internet Security Anti-Virus Protection protection mechanism | Not Defined | | | 0.00 | CVE-2021-26718 |
| 04/02/2021 | $5k-$25k | $0-$5k | | Apache CXF JWT Token server-side request forgery | Not Defined | | | 0.06 | CVE-2021-22696 |
| 04/02/2021 | $5k-$25k | $0-$5k | | Huawei Smartphone Interface unknown vulnerability | Not Defined | | | 0.06 | CVE-2020-9149 |
| 04/02/2021 | $0-$5k | $0-$5k | | HPE iLO Amplifier Pack cross site scripting | Not Defined | | | 0.05 | CVE-2021-26580 |
| 04/02/2021 | $0-$5k | $0-$5k | | VMware Carbon Black Cloud Workload Appliance Administrative Interface information disclosure | Not Defined | | | 0.08 | CVE-2021-21982 |
| 04/02/2021 | $0-$5k | $0-$5k | | HPE Superdome Flex Server BMC Web Interface denial of service | Not Defined | | | 0.08 | CVE-2021-26581 |
| 04/02/2021 | $0-$5k | $0-$5k | | ZeroMQ Server Decoder decoder_allocators.hpp out-of-bounds write | Not Defined | | | 0.00 | CVE-2021-20235 |
| 04/02/2021 | $0-$5k | $0-$5k | | Linux Kernel Webcam v4l2-ioctl.c video_usercopy memory leak | Not Defined | | | 0.05 | CVE-2021-30002 |
| 04/02/2021 | $0-$5k | $0-$5k | | netmask Package input validation | Not Defined | | | 0.06 | CVE-2021-28918 |
| 04/02/2021 | $0-$5k | $0-$5k | | Huawei Smartphone Interface out-of-bounds read | Not Defined | | | 0.06 | CVE-2020-9147 |
| 04/02/2021 | $0-$5k | $0-$5k | | vscode-stripe Repository injection | Not Defined | | | 0.00 | CVE-2021-21420 |
| 04/02/2021 | $0-$5k | $0-$5k | | Atlassian Confluence Server/Confluence Data Center WidgetConnector Plugin server-side request forgery | Not Defined | | | 0.07 | CVE-2021-26072 |
| 04/02/2021 | $0-$5k | $0-$5k | | Trojan-Downloader.Win32.Delf.nzg Arquivos de Programas permission | Proof-of-Concept | | Link | 0.06 | |
| 04/02/2021 | $0-$5k | $0-$5k | | IRC-Worm.Win32.Silentium.a Games permission | Proof-of-Concept | | Link | 0.03 | |
| 04/02/2021 | $0-$5k | $0-$5k | | Trojan-Downloader.Win32.Delf.ur Messenger permission | Proof-of-Concept | | Link | 0.00 | |
| 04/02/2021 | $0-$5k | $0-$5k | | Trojan-Downloader.Win32.Delf.oxz RECYCLER permission | Proof-of-Concept | | Link | 0.08 | |
| 04/02/2021 | $0-$5k | $0-$5k | | wpa_supplicant/hostapd pkcs1.c unknown vulnerability | Not Defined | | | 0.08 | CVE-2021-30004 |
| 04/02/2021 | $0-$5k | $0-$5k | | Huawei Smartphone Interface denial of service | Not Defined | | | 0.00 | CVE-2020-9148 |
| 04/02/2021 | $0-$5k | $0-$5k | | eMPS Email Search sql injection | Not Defined | | | 0.05 | CVE-2021-28969 |
| 04/02/2021 | $0-$5k | $0-$5k | | eMPS Central Management sql injection | Not Defined | | | 0.00 | CVE-2021-28970 |
| 04/02/2021 | $0-$5k | $0-$5k | | Huawei Smartphone Interface memory leak | Not Defined | | | 0.00 | CVE-2020-9146 |
| 04/02/2021 | $0-$5k | $0-$5k | | sunkaifei FlyCMS ImagesService.java saveUrlAs server-side request forgery | Not Defined | | | 0.00 | CVE-2020-19613 |
| 04/02/2021 | $0-$5k | $0-$5k | | Devolutions SERVER Password List Entry access control | Not Defined | | | 0.00 | CVE-2021-23921 |
| 04/02/2021 | $0-$5k | $0-$5k | | cURL/libcURL TLS 1.3 Handshake certificate validation | Not Defined | | | 0.00 | CVE-2021-22890 |
| 04/02/2021 | $0-$5k | $0-$5k | | Pega Chat Access Group Portal access control | Not Defined | | | 0.05 | CVE-2021-27653 |
| 04/02/2021 | $0-$5k | $0-$5k | | LATRIX inandout.php sql injection | Not Defined | | | 0.06 | CVE-2021-30000 |
| 04/02/2021 | $0-$5k | $0-$5k | | GitLab gitlab-vscode-extension Local Privilege Escalation | Not Defined | | | 0.05 | CVE-2021-22195 |
| 04/02/2021 | $0-$5k | $0-$5k | | Devolutions Server Windows Domain User improper authentication | Not Defined | | | 0.00 | CVE-2021-23923 |
| 04/02/2021 | $0-$5k | $0-$5k | | Eclipse Jetty Default Compliance Mode web.xml information disclosure | Not Defined | | | 0.05 | CVE-2021-28164 |
| 04/02/2021 | $0-$5k | $0-$5k | | Backdoor.Win32.Burbul.b FTP Server information disclosure | Proof-of-Concept | | Link | 0.07 | |
| 04/02/2021 | $0-$5k | $0-$5k | | Eclipse Jetty Directory information disclosure | Not Defined | | | 0.05 | CVE-2021-28163 |
| 04/02/2021 | $0-$5k | $0-$5k | | pikepdf Package XMP Metadata metadata.py xml external entity reference | Not Defined | | | 0.05 | CVE-2021-29421 |
| 04/02/2021 | $0-$5k | $0-$5k | | django-registration User Registration information exposure | Not Defined | | | 0.00 | CVE-2021-21416 |
| 04/02/2021 | $0-$5k | $0-$5k | | PostgreSQL UPDATE Permission information exposure | Not Defined | | | 0.00 | CVE-2021-3393 |
| 04/02/2021 | $0-$5k | $0-$5k | | node-etsy-client REST API information disclosure | Not Defined | | | 0.00 | CVE-2021-21421 |
| 04/02/2021 | $0-$5k | $0-$5k | | Eclipse Jetty TLS Frame resource consumption | Not Defined | | | 0.06 | CVE-2021-28165 |
| 04/02/2021 | $0-$5k | $0-$5k | | Containers Storage Container Image locking | Not Defined | | | 0.06 | CVE-2021-20291 |
| 04/02/2021 | $0-$5k | $0-$5k | | Nokia G-120W-F Administrative Interface cross site scripting | Not Defined | | | 0.05 | CVE-2021-30003 |
| 04/02/2021 | $0-$5k | $0-$5k | | mblog profile cross site scripting | Not Defined | | | 0.00 | CVE-2020-19619 |
| 04/02/2021 | $0-$5k | $0-$5k | | mblog Header Field editing cross site scripting | Not Defined | | | 0.00 | CVE-2020-19616 |
| 04/02/2021 | $0-$5k | $0-$5k | | mblog profile cross site scripting | Not Defined | | | 0.07 | CVE-2020-19617 |
| 04/02/2021 | $0-$5k | $0-$5k | | mblog editing cross site scripting | Not Defined | | | 0.00 | CVE-2020-19618 |
| 04/02/2021 | $0-$5k | $0-$5k | | Devolutions Remote Desktop Manager Administrative Reports cross site scripting | Not Defined | | | 0.00 | CVE-2021-28047 |
| 04/02/2021 | $0-$5k | $0-$5k | | Devolutions Remote Desktop Manager Webviews cross site scripting | Not Defined | | | 0.08 | CVE-2021-23922 |
| 04/02/2021 | $0-$5k | $0-$5k | | Devolutions Server Type Document cross site scripting | Not Defined | | | 0.08 | CVE-2021-23925 |
| 04/02/2021 | $0-$5k | $0-$5k | | GoCD backup cross-site request forgery | Not Defined | | | 0.08 | CVE-2021-25924 |
| 04/02/2021 | $0-$5k | $0-$5k | | Ansible Tower Modules log file | Not Defined | | | 0.05 | CVE-2021-3447 |
| 04/02/2021 | $0-$5k | $0-$5k | | Devolutions Server Diagnostic File information disclosure | Not Defined | | | 0.05 | CVE-2021-23924 |

Do you want to use VulDB in your project?

Use the official API to access entries easily!