Exploits 04/30/2021info

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Lang »

The automatization and the exploitation of a security vulnerability is called an exploit. It is possible to determine the popularity and availability of programming languages used for creating such exploits.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Published0dayTodayTrVulnerabilityExpLangURLCTICVE
04/30/2021$25k-$100k$5k-$25kCisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds writeNot Defined
 
 
0.03CVE-2021-1445
04/30/2021$25k-$100k$25k-$100kCisco Open Source Snort 2 Snort Detection Engine access controlNot Defined
 
 
0.07CVE-2021-1495
04/30/2021$25k-$100k$5k-$25kCisco ASA/Firepower Threat Defense HTTPS Request out-of-bounds writeNot Defined
 
 
0.04CVE-2021-1504
04/30/2021$25k-$100k$5k-$25kCisco ASA/Firepower Threat Defense Web Services Interface buffer overflowNot Defined
 
 
0.07CVE-2021-1493
04/30/2021$5k-$25k$5k-$25kCisco ASA/Firepower Threat Defense CLI os command injectionNot Defined
 
 
0.00CVE-2021-1476
04/30/2021$5k-$25k$5k-$25kCisco ASA/Firepower Threat Defense Upgrade Package command injectionNot Defined
 
 
0.00CVE-2021-1488
04/30/2021$5k-$25k$0-$5kCisco Firepower Threat Defense TLS Message memory corruptionNot Defined
 
 
0.04CVE-2021-1402
04/30/2021$5k-$25k$0-$5kCisco FirePOWER Management Center access controlNot Defined
 
 
0.03CVE-2021-1477
04/30/2021$5k-$25k$0-$5kCisco Firepower Threat Defense CLI input validationNot Defined
 
 
0.00CVE-2021-1448
04/30/2021$5k-$25k$0-$5kCisco ASA/Firepower Threat Defense SIP Inspection Engine denial of serviceNot Defined
 
 
0.03CVE-2021-1501
04/30/2021$5k-$25k$0-$5kCisco Firepower Device Manager REST API xml external entity referenceNot Defined
 
 
0.07CVE-2021-1369
04/30/2021$5k-$25k$0-$5kCisco FirePOWER Management Center Web-based Management Interface cross site scriptingNot Defined
 
 
0.03CVE-2021-1455
04/30/2021$5k-$25k$0-$5kCisco FirePOWER Management Center Web-based Management Interface cross site scriptingNot Defined
 
 
0.03CVE-2021-1457
04/30/2021$5k-$25k$0-$5kCisco FirePOWER Management Center Web-based Management Interface cross site scriptingNot Defined
 
 
0.03CVE-2021-1458
04/30/2021$5k-$25k$0-$5kCisco FirePOWER Management Center Web-based Management Interface cross site scriptingNot Defined
 
 
0.00CVE-2021-1456
04/30/2021$5k-$25k$0-$5kCisco Firepower Threat Defense CLI Command pathname traversalNot Defined
 
 
0.04CVE-2021-1256
04/30/2021$0-$5k$0-$5kCisco Firepower Device Manager Web-based Management resource consumptionNot Defined
 
 
0.05CVE-2021-1489
04/30/2021$0-$5k$0-$5kAmbarella Oryx RTSP Server RTSP Request libamprotocol-rtsp.so.1 parse_authentication_header buffer overflowNot Defined
 
 
0.03CVE-2020-24918
04/30/2021$0-$5k$0-$5kBackdoor.Win32.Agent.oj Service Port 23 stack-based overflowProof-of-Concept
 
Link0.00
04/30/2021$0-$5k$0-$5kBackdoor.Win32.Agent.kte Service Port 80 stack-based overflowProof-of-Concept
 
Link0.07
04/30/2021$0-$5k$0-$5kBackdoor.Win32.Agent.gmug Service Port 33308 heap-based overflowProof-of-Concept
 
Link0.03
04/30/2021$0-$5k$0-$5kGraphviz Graph Visualization Tools shapes.c buffer overflowNot Defined
 
 
0.03CVE-2020-18032
04/30/2021$0-$5k$0-$5kBackdoor.Win32.Agent.oj Service Port 23 backdoorProof-of-Concept
 
Link0.07
04/30/2021$0-$5k$0-$5kNVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflowNot Defined
 
 
0.00CVE-2021-1083
04/30/2021$0-$5k$0-$5kNVIDIA Virtual GPU Manager Shared Memory buffer overflowNot Defined
 
 
0.06CVE-2021-1085
04/30/2021$0-$5k$0-$5kNVIDIA vGPU Software Kernel Mode Driver buffer overflowNot Defined
 
 
0.03CVE-2021-1081
04/30/2021$0-$5k$0-$5kNVIDIA Virtual GPU Manager Local Privilege EscalationNot Defined
 
 
0.06CVE-2021-1080
04/30/2021$0-$5k$0-$5kNVIDIA Virtual GPU Manager Local Privilege EscalationNot Defined
 
 
0.00CVE-2021-1082
04/30/2021$0-$5k$0-$5kNVIDIA Virtual GPU Manager Kernel Mode Driver buffer overflowNot Defined
 
 
0.00CVE-2021-1084
04/30/2021$0-$5k$0-$5kWorm.Win32.Delf.hu permissionProof-of-Concept
 
Link0.06
04/30/2021$0-$5k$0-$5kHEUR.Trojan.Win32.Bayrob.gen permissionProof-of-Concept
 
Link0.04
04/30/2021$0-$5k$0-$5ksysteminformation Parameter si.processLoad os command injectionNot Defined
 
 
0.03CVE-2021-21388
04/30/2021$0-$5k$0-$5kNVIDIA Virtual GPU Manager access controlNot Defined
 
 
0.03CVE-2021-1086
04/30/2021$0-$5k$0-$5kPritunl Client pritunl-service neutralization for logsNot Defined
 
 
0.03CVE-2020-27519
04/30/2021$0-$5k$0-$5krkyv Crate Archive uninitialized pointerNot Defined
 
 
0.06CVE-2021-31919
04/30/2021$0-$5k$0-$5kklibc calloc integer overflowNot Defined
 
 
0.00CVE-2021-31870
04/30/2021$0-$5k$0-$5kklibc cpio Command integer overflowNot Defined
 
 
0.00CVE-2021-31872
04/30/2021$0-$5k$0-$5kklibc cpio Command integer overflowNot Defined
 
 
0.00CVE-2021-31871
04/30/2021$0-$5k$0-$5kklibc malloc integer overflowNot Defined
 
 
0.00CVE-2021-31873
04/30/2021$0-$5k$0-$5kCygwin Git injectionNot Defined
 
 
0.04CVE-2021-29468
04/30/2021$0-$5k$0-$5kZoho ManageEngine EventLog Analyzer ZIP Archive pathname traversalNot Defined
 
 
0.04CVE-2021-28959
04/30/2021$0-$5k$0-$5kvTiger CRM Calendar Export sql injectionNot Defined
 
 
0.03CVE-2020-22807
04/30/2021$0-$5k$0-$5kBackdoor.Win32.Agent.ggw FTP Service improper authenticationProof-of-Concept
 
Link0.03
04/30/2021$0-$5k$0-$5kiCMS HTTP Request database.admincp.php do_del path traversalNot Defined
 
 
0.03CVE-2020-18070
04/30/2021$0-$5k$0-$5kGOG GalaxyClient DLL Loader zlib1.dll untrusted search pathNot Defined
 
 
0.00CVE-2021-26807
04/30/2021$0-$5k$0-$5kGhost Endpoint preview cross site scriptingNot Defined
 
 
0.00CVE-2021-29484
04/30/2021$0-$5k$0-$5kMongoDB Server Find Query denial of serviceNot Defined
 
 
0.03CVE-2021-20326
04/30/2021$0-$5k$0-$5kdjango-filter numeric conversionNot Defined
 
 
0.03CVE-2020-15225
04/30/2021$0-$5k$0-$5kJeesns CkeditorUploadController.java cross site scriptingNot Defined
 
 
0.00CVE-2020-18035
04/30/2021$0-$5k$0-$5kpki-core KRA Agent Service cross site scriptingNot Defined
 
 
0.03CVE-2020-1721

Do you know our Splunk app?

Download it now for free!